back to article Legal bible Groklaw pulls plug in wake of Lavabit shutdown, NSA firestorm

Blogger Pamela Jones will shut down her award-winning legal news website Groklaw following revelations that the NSA is intercepting the world's internet communications. Jones, also known as PJ, said in a final farewell article that the shutdown of encrypted email provider Lavabit, used by whistleblower Edward Snowden, had …

COMMENTS

This topic is closed for new posts.
  1. b0llchit
    Big Brother

    Intimidation

    The real problem here is that the repressive attitude of governments and associated intimidation seem to have exactly the effect they were designed for:

    Destroy dissent.

    That is the real tragedy of it. We seem to be all too eager to self-censor in the wake of the revelations and pressures. I can understand PJ's decision, but can in no circumstance support that decision. It shows us the path to utter and complete destruction of free exchange of information.

    1. Anonymous Coward
      Anonymous Coward

      Re: Intimidation

      Such interception and implying things from what you receive and who you receive it from sort of goes against the whole concept of innocent until proven guilty.

      Surveillance is almost the opposite, everyone could be guilty, so we will check what everyone is doing and saying to ensure they aren't guilty.

      1. James Micallef Silver badge
        Thumb Up

        Re: Intimidation

        "Surveillance is almost the opposite, everyone could be guilty , so we will check what everyone is doing and saying to ensure they aren't guilty"

        Almost! In reality democracies nowadays have myriad laws, executive orders, treaties, federal laws, state laws, local by-laws etc etc* that even without knowing it, pretty much everyone is innocently breaking some law or other. A recent US study showed that the average person is probably breaking 6-7 laws.

        So what's happening is "Everyone IS guilty, we just don't know of what, so we will check what everyone is doing and know what everyone is guilty of. At that point they can either behave like compliant and loyal citizens or we will grind them into the dirt"

        *As I saw mentioned on comments of another article: "Corruptissima re publica plurimae leges"

        1. Anonymous Coward
          Anonymous Coward

          Re: Intimidation

          >"At that point they can either behave like compliant and loyal citizens or we will grind them into the dirt"

          Indeed, at that point one can either yield unreservedly to the will of their master and do EXACTLY as told or go to prison.

          Furthermore, in the UK, once the data's recorded, that threat is eternal: The great Tony B Liar promised the mindless fuckwits a "Statute of Limitations" along with all the sinister fascist crap. Some sort of sweetener/softener for those malleable enough to believe/elect him presumably. Well... we got all the sinister fascist crap all right. No sign of any limitations though. Everything they're amassing on you is actionable for the rest of your life.

          Be afraid. Very afraid.

        2. asdf Silver badge
          Thumb Down

          Re: Intimidation

          >everyone could be guilty

          I have heard that is one of the big dangers with law enforcement culture (especially in the US) is the cops slowly get indoctrinated to believe everyone is guilty of something except fellow police of course.

          1. Dan Paul
            Devil

            Re: Intimidation (By the Police and Politicians)

            Hasn't anyone ever told you that the only difference between a cop and a criminal is a badge?

            Same this applies to politicians...only they don't have a badge (yet).

      2. Anonymous Coward
        Anonymous Coward

        Re: Intimidation

        I'm giving you a thumbs up but I still want to point out that 'guilty UNTIL' is part of the problem. It is not 'UNTIL', it is 'UNLESS' !!

        'Until' is a part of the problem because it implies total surveillance can be justified because it is simply a matter of time before a citizen breaks the law and can be punished. This cannot be acceptable under any circumstances as it puts the onus on the person to prove their innocence and goes contrary to how law should work.

    2. Don Jefe
      Unhappy

      Re: Intimidation

      As long as people buy into the fear pushed by governments and media outlets there will never be a free exchange of information. Those who live in fear will happily sail us all down the river.

    3. Phil O'Sophical Silver badge
      Trollface

      Re: Intimidation

      We seem to be all too eager to self-censor in the wake of the revelations and pressures.

      We? Americans, maybe, but not all of us.

      It's one of those bizarre things about the US, people there are adamant that they are the most free and democratic nation on each, yet they are so terrified of their own elected government that they insist on the right to keep guns just in case. Just like they insist on separation of church and state, but put "In God we trust" on their money. Americans have to be the most fundamentally insecure people on earth. Comes of having no history, I suppose.

      1. Vociferous

        Re: Intimidation

        Which country do you think does NOT do this?

        Reminder that the UK has just as draconic surveillance as the US, and is presently installing a Great Firewall to "protect" its citizens from porn. That Sweden and France log everything their citizens do online, and let police search it at leisure. That all of the EU is complicit in PRISM and countless similar schemes.

        So, which country do you live in that is not suppressing freedom in the name of protecting the children/fighting the terrorists/stopping the pirates/hindering hate speech? I'd sure like to know.

      2. This post has been deleted by its author

        1. Tufty Squirrel
          WTF?

          Re: Intimidation

          >> We began trending towards socialism after the "Red Menace" was no longer a threat.

          No, seriously, WTF? The US trending towards /socialism/? You're completely mental.

          1. asdf Silver badge
            FAIL

            Re: Intimidation

            > We began trending towards socialism after the "Red Menace" was no longer a threat.

            Generally people that say such things have never lived in any other country but the US for any amount of time. They are usually quick to point out the one time they went to Mexico for a weekend or perhaps a week tour of London as proof they are well travelled though. Guess the author misses having the Commies to justify his world view.

          2. Vociferous

            Re: Intimidation

            Right-wing americans have no clue whatsoever what socialism/communism is. It's a bit endearing really.

            1. Anonymous Coward
              Flame

              Re: Intimidation

              Left-wing British are just fuckwits. To say they have a clue about anything is... ridiculous.

        2. Drakkenson

          Re: Intimidation Prepare for rambling

          One little correction: you are not a socialist state, and you are nowhere near being one. You do not know what that means, trust me. You are, however, a police state, which is bad enough on its own...

        3. Pat 4
          Thumb Down

          Re: Intimidation

          " We began trending towards socialism after the "Red Menace" was no longer a threat."

          And that right there is a perfect example of the complete and astonishing lack of knowledge and understanding on the part of seemingly educated Americans.

          You... just don't have a clue.

      3. dan1980

        Re: Intimidation

        The American people do not 'insist of separation of church and state'. A great, great many insist that America was founded explicitly as a Christian nation and go to great pains to try to rewrite history to support that view

        1. SDoradus
          Holmes

          Re: Intimidation

          You're not wrong. But in fact there's evidence that the founding fathers were absolutely aware they were founding a secular state.

          This is the wording of the 'Treaty of Peace and Friendship Between the United States and the Bey and Subjects of Tripoli of Barbary';

          "As the government of the United States of America is not in any sense founded on the Christian Religion--as it has itself no character of enmity against the law, religion or tranquility of Musselmen..."

          That was ratified by the legislature in June 1797, and accepted by the executive:

          "Now be it known, that I, John Adams, President of the United States of America, having seen and considered the said treaty do, by and within the consent of the Senate, accept, ratify and confirm the same, and every clause and article thereof." So that's two of the three branches of government.

          Lately the courts made it unanimous with rulings about the pledge of allegiance "under God" wording.

          On the other hand, one curmudgeonly old Catholic Republican of my acquaintance observed that nonetheless, that so-called secular state maintains Chaplains in defiance of the idea that a secular state has no established religion. In fact, he wrote: "... the very session of the Senate that ratified that treaty was opened with solemn prayer by the Chaplain of the Senate, who, I assure you, was a good Protestant Christian clergyman."

    4. Anonymous Coward
      Anonymous Coward

      I' not buying the Groklaw arguments - see the evidence..

      OK, we've been hearing the NSA (and other authorities) have been accessing information for how long now? A decade or so? How often did the news come that the big providers were supplying data?

      Well, let me share something with you, and then see if the Groklaw declaration make sense.

      dig groklaw.net mx

      ;; QUESTION SECTION:

      ;groklaw.net. IN MX

      ;; ANSWER SECTION:

      groklaw.net. 86400 IN MX 20 alt1.aspmx.l.google.com.

      groklaw.net. 86400 IN MX 20 alt2.aspmx.l.google.com.

      groklaw.net. 86400 IN MX 10 aspmx.l.google.com.

      It has been this way for many years, so please stop the sanctimonious BS.

      Facts, fine, BS, no thanks. If Pamela was so epically concerned about privacy she would have used a less exposed provider, but she hasn't. I have a great respect for what she did with Groklaw, but here I'm calling BS. Big time. Not sure whose "cause" she's trying to support here, but she's going about it the wrong way. If she wanted to stop, a lesser argument would have been more honest.

      My apologies if this upsets the fans, but BS annoys me.

      1. Anonymous Coward
        Anonymous Coward

        Re: I' not buying the Groklaw arguments - see the evidence..

        Okay so maybe I'm being dumb but what the hell are you on about?

        1. stephajn

          Re: I' not buying the Groklaw arguments - see the evidence..

          He was looking up what the addresses are for Groklaw's email servers by looking at the MX records of their domain. And what the query shows is that Google is handling email for Groklaw. Google....the same Google that says that anyone using the Internet shouldn't expect privacy.

          1. SDoradus
            Boffin

            A bit pointless

            Nearly all comments to weblogs like Groklaw are in the form of posts/comments like these. But if individuals wanted to co-ordinate projects like transcribing legal documents they had to have some form of email collaboration.

            Not everyone knew how to use PGP, say. The nature of Groklaw was that some of their projects were always going to tick off people in the FBI or NSA, and Jones would have been at the centre of such conversations. But it was thought not to matter. Gmail or Hotmail should have been fine for most purposes. Jones and company were simply scrutinizing companies and governments for their actions in court.

            It's only lately that the need for secure email became clear. To top it all Lavabit and Silent Circle just declared "Guys, we can't tell you why, but there's no secure mail any more".

            Until very recently it didn't matter that the email wasn't secure because it was assumed the constitutional protections against unreasonable search and seizure contained in the 4th amendment would prevent misbehaviour by the authorities. Now it has become clear how concepts like sovereign immunity prevent the executive being held accountable, there's no option but to switch to an extranational secure email provider, which Jones has done. But as documented in the Guardian, and TechDirt, to name but two places, even that is too risky to continue with Groklaw in its present form. See Ken White's Popehat article for more details.

            1. Anonymous Coward
              Anonymous Coward

              Re: A bit pointless

              Nearly all comments to weblogs like Groklaw are in the form of posts/comments like these. But if individuals wanted to co-ordinate projects like transcribing legal documents they had to have some form of email collaboration.

              Actually, we're building systems for that (mainly for diplomatic use), but we found that email was inefficient. You're better off with a combination of bulletin-board style commenting and doc control with versioning.

        2. AJ MacLeod

          Re: I' not buying the Groklaw arguments - see the evidence..

          Not necessarily dumb, but this is an IT site... the post is indicating that Groklaw has been using Google to supply their email services.

          Since Google has always made it plain that there is no expectation of privacy for GMail / Google Apps users, it is slightly odd that Groklaw is now shutting down because their emails are being read by third parties...

          1. Anonymous Coward
            Anonymous Coward

            Re: I' not buying the Groklaw arguments - see the evidence..

            Not sure "Google has always made it plain that there is no expectation of privacy for GMail" is an entirely accurate statement. In fact for a long time Google led people to believe they could be trusted because they "were not evil" -- except, of course, in the fine print.

            I think PJ wanted to make a statement, pure and simple. While I'll miss Groklaw I think she's got every right to do what she did. It's her damn site, her legacy, to manage as she wishes.

            The degree to which we've all been exposed to surveillance both by private business and the government has not always been clear to most people, even those working in the tech business. But what's really got a lot of us concerned isn't the fact that we're being watched, but how carelessly the results of that activity is secured. It seems that the contractors have been given run of the whole show, meaning that a lot of people should be worried that their proprietary business secrets are probably up for sale to the highest bidder. If I were a member of Congress or an executive at a big company that's what would be keeping me up at night -- unless I was already a consumer of that stolen info and using it in my own personal financial planning.

        3. Matt Piechota

          Re: I' not buying the Groklaw arguments - see the evidence..

          "Okay so maybe I'm being dumb but what the hell are you on about?"

          Essentially, if you didn't know about PRISM-like or other schemes (ECHELON, etc.) before Snowden, you weren't paying attention. And if you didn't think Google (who's hosting Groklaw's email based on the MX records) would happily comply with any legal email snooping order, you weren't paying attention.

          Essentially, if Groklaw was *that* worried about privacy they'd have been using a smaller, more security-conscious email provider, or self-hosting mail, requiring PGP keys, or at least having a submission-by-web option.

          Now I don't know any inside info, but it wouldn't surprise me if PJ was bored with it, and this gives a good way to get out while making a statement. There are plenty of ways to continue on if she wanted to.

          1. Anonymous Coward
            Anonymous Coward

            Re: I' not buying the Groklaw arguments - see the evidence..

            Now I don't know any inside info, but it wouldn't surprise me if PJ was bored with it, and this gives a good way to get out while making a statement. There are plenty of ways to continue on if she wanted to.

            Personally, I would respect a message "look guys, I think I've done enough here, thanks for all the fish" much more than some party political message that doesn't stack up with reality. Worse, with her legal knowledge she could have engaged here and start to highlight the issues as a new and seriously important project.

            Did you know that the exact, specific knowledge to properly protect privacy is left out of the privacy expert programmes by the IAPP? Now I'm not a good conspiracy theorist, but it would be easy to suspect a link between that and the fact that the IAPP is a US based organisation.

            So, no, disappointed with Groklaw. There are better ways to end what has been quite a momentous effort, this doesn't do it justice *at all*.

          2. SDoradus
            Thumb Down

            It's not that she's bored.

            The reason "PJ was bored with it" doesn't get traction is that she hived off most of the boring bits to Professor Mark Webbink some time back.

      2. Mike Banahan

        Re: I' not buying the Groklaw arguments - see the evidence..

        Apart from the fact that all SMTP based email systems expose the mail headers, so From: To: and Subject: in particular give a lot away about your communication, it's entirely possible to conduct S/MIME or PGP/GPG encrypted email conversations via Gmail using a client like, say, Thunderbird. True, you can't read the encrypted messages through the web interface but that's just something you live with. Thunderbird works well with both encryption standards and unless you are likely to be approached by the authorities with a demand to yield up your keys and passphrases, should be good enough for a lot of peoples' confidentiality needs.

        Whether Groklaw routinely did that I can't say, but personally I'd feel a lot happier using Thunderbird with Enigmail and a 'no privacy' email provider like Gmail than not encrypting my mails and trusting the email provider to do it for me. But you do have to watch the Subject line, you can give a lot away through that.

        Of course, your correspondent has to have enough of a clue to agree to use encryption, and that's probably the stumbling block until more are educated about what to do.

        1. tom dial Silver badge

          Re: I' not buying the Groklaw arguments - see the evidence..

          But: mykolab.com does not provide encryption any more than gmail or yahoo do. Encrypt and put the real subject at the top of the body. I use my ISP's email service, encrypt when I think it useful, and hope that a 512 byte key will provide security for as long as I need it. I've had issues sending email while travelling due to ISP restrictions, but never in downloading.

          It will be a loss if PJ refuses to allow someone else to pick up Groklaw, although it's hard to imagine anyone doing a better job.

          1. SDoradus
            Boffin

            Re: I' not buying the Groklaw arguments - see the evidence..

            You're right, the extra privacy offered by mykolab isn't from encryption which is done in much the same way as you suggest. But mykolab was mentioned in articles dealing with the demise of Lavabit because they are physically out of reach of the US and EU spy agencies:

            "We offer secure email accounts including calenders and address books that synchronize to all your devices. The data is stored in our very own data center in Switzerland and can not be accessed by spy programs such as PRISM, so there will be no spying. There is also no corporate spying, because we show no advertisements. Enjoy the convenience of the Cloud without compromising freedom and openness."

            Also they are planning to offer mail encryption services in the future. From their FAQ:

            "In the future, it might be possible to store you private key in your browser's local storage securely. Then we will offer encryption in the web interface as well."

            1. Anonymous Coward
              Anonymous Coward

              Re: I' not buying the Groklaw arguments - see the evidence..

              Re: I' not buying the Groklaw arguments - see the evidence..

              You're right, the extra privacy offered by mykolab isn't from encryption which is done in much the same way as you suggest. But mykolab was mentioned in articles dealing with the demise of Lavabit because they are physically out of reach of the US and EU spy agencies:

              Mykolab offers you at least a starting point from both a technical and legal perspective. However, those principles also apply to much cheaper providers in Switzerland. Pick any Swiss ISP and you'll be OK (after investigating they are indeed Swiss, and not just a Swiss subsidiary of a US company).

      3. Feldegast
        FAIL

        Google is providing DNS not hosting, check your facts

        the hosting for Groklaw is by ibiblio it says so on the site

        google provides DNS

        1. Malcolm Weir Silver badge
          Thumb Down

          Re: Google is providing DNS not hosting, check your facts

          .... errr, dude, if you're in the IT biz, now would be a good time to either:

          a) retire

          b) take some continuing education.

          According to the actual DNS records, the nameservers are all in the UNC.EDU domain. Not Google.

          Google, though, handles the email hosting.

          Ibilio handles the web hosting (i.e. www.groklaw.net is in fact groklaw.ibilio.org).

          Once again, for emphasis: GOOGLE HANDLES THE EMAIL HOSTING.

          Have a nice retirement...

      4. bailey86

        Re: I' not buying the Groklaw arguments - see the evidence..

        Surely it's not impossible to have secure email; PGP, their own server using SSL etc etc.

        I feel they've been leant on - and this is scary stuff.

      5. SDoradus
        FAIL

        Re: I' not buying the Groklaw arguments - see the evidence..

        You clearly didn't read her closedown post in enough detail. She tried but failed to obtain any other suitably secure email provider. She gave as a parting email address a new one hosted by a Swiss company (MyKolab) - but added that it wasn't really secure enough, given the latest revelations.

        I'd add that it's only been very recently that the extent of Google's compliance with NSA snooping became clear, because Google and others including MS were under gag orders about that. Indeed, the specially cleared techs Google had to hire to work with the NSA enforcers were not even allowed to discuss their work with their bosses. Google and MS were almost as much in the dark as the rest of us.

      6. Anonymous Coward
        Anonymous Coward

        Re: I' not buying the Groklaw arguments - see the evidence..

        Exactly, if some of the people who purport to stand up for rights and freedoms openly show how spineless they really are by just giving up and running away; it makes you wonder how sincere and committed they were in the first place.

        This is just what the governments and security services want. Well done Pamela Jones, they may give you a medal for your service to their cause.

      7. dan1980
        Megaphone

        Re: I' not buying the Groklaw arguments - see the evidence..

        @AC 14:58

        Okay, great - e-mail for the groklaw.net domain is hosted with Google (at least at the time you looked at those records).

        That's a fact, based on the DNS information you have presented. But, to get from:

        "E-mail for 'groklaw.net' is hosted with Google"

        to:

        "Pamela Jones is dishonest and full of shit"

        requires two very large assumptions: that Pamela Jones and the Groklaw team used the easily identifiable (you found the details) 'groklaw.net' domain for all confidential e-mail - and that they did so without the use of any security in their e-mail client(s). As opposed to, say, just using the main e-mail for day-to-day stuff and preliminary communications and then using one or more other e-mail addresses (which she doesn't publicly advertise) with one or more secure providers for the important, sensitive communications. For really sensitive e-mails she might even have setup specific, disposable addresses.

        Now, not knowing Pamela or the full details of the Groklaw operation, I can't say that this is the way they did things but the point is that you can't say that it isn't.

        Essentially, there are three facts:

        1. Pamela Jones has cited e-mail privacy/security concerns as the reason for closing down Groklaw.

        2. E-mail for the (publically advertised) groklaw.net domain is currently hosted with Google.

        3. Google has said that there should be no expectation of privacy with their services.

        From those facts, there are several possible conclusions one might draw:

        >> That Ms Jones and the Groklaw team are honest about their focus on privacy but not technically savvy enough to understand the problem presented by hosting e-mail with Google.

        >> That Ms Jones and the Groklaw team are technically savvy enough to understand the problem but are dishonest when it comes to their professed concern for privacy.

        >>That Ms Jones and the Groklaw team are honest about their concern for privacy and technically savvy enough to not only understand the problem with conducting confidential communications via Google e-mail but also actually do something about it and use a secure e-mail client and/or use other, more secure e-mail accounts that aren't publically advertised.

        Given the fantastic, publically-minded service that the Groklaw team has provided, I am inclined to give them the benefit of the doubt in regards to their integrity and honesty.

        Regarding their technical ability, remember also, that Groklaw is not just Ms Jones working off her laptop at home, it is a collection of people with various backgrounds including journalism, law and IT. Also, unless you missed it, the site deals with IT, specifically Linux and other open source endeavours. Given the focus of the site and the spread of people working on it, I find it vanishingly unlikely that they didn't employ a whole range of technical protections to keep e-mail as secure as reasonably possible.

        Even without the IT focus, many in the team are journalists. Now, not all journalists are technical wizards, but I get the distinct impression that any journalist dealing with sensitive information and confidential sources has the resources to call on to mitigate at least some of the risks of modern communication.

        FURTHER, as it is a TEAM, and not just PJ, you are assuming that ALL the people working at Groklaw used the groklaw.net e-mail domain and not their own, privately setup ones.

        I suppose you think that Glenn Greenwald exclusively uses (something like) ggreenwald@theguardian.co.uk for all his communications with Edward Snowden.

        And, even if the journalists themselves didn't do this, the people they are communicating with are often IT insiders who have their own share of technical nous and would likely insist on secure communications.

        Even assuming the ridiculously unlikely proposition that everyone involved in Groklaw exclusively used @groklaw.net for all communications, PJ specifically mentioned in her post the following:

        "If it's encrypted, they keep it for five years, presumably in the hopes of tech advancing to be able to decrypt it against your will and without your knowledge."

        That you have decided to choose the explanation that assumes the worst about the conduct and motives of Pamela and her team says far more about you than it does about her.

        Sorry for the TL;DR but when I tell someone they have been a nasty, narrow-minded git, I don't tend to do it lightly.

        1. Anonymous Coward
          Anonymous Coward

          Re: I' not buying the Groklaw arguments - see the evidence..

          to get from: "E-mail for 'groklaw.net' is hosted with Google"

          to: "Pamela Jones is dishonest and full of shit"

          requires two very large assumptions

          No, it doesn't. It requires a serious comprehensive reading deficiency on your behalf. I simply stated that I didn't buy the argument because to me there was a disconnect between currently expressed sentiment and the long term facts. I made no assumptions (they are 100% yours, and you are thus responsible for your own defective conclusion), I merely stated that *I* did not buy the explanation because of the facts on display.

          If there was something in the background, fine - but you have provided zero facts. Based on your approach to reasoning, I would be able to prove that you ritually burn children for breakfast because I can drag in all sorts of assumptions and then make statements about them in the manner you waffle on about a statement I made nor implied: Pamela Jones is dishonest and full of shit.

          I never make such statements. They are emotional, not factual, idiotic and impolite.

          I demonstrated a clear discrepancy, on the basis of which I flagged the reason stated as incongruent with the real world facts. If you don't like that, tough. Facts have an ugly habit of remaining facts, even if they not fit into your wishful thinking. You could have argued that this might not have been used in general, fine, but where is the evidence? Why is the only email address available the Gmail one? Why is there not even a public GPG key if everyone on the site is reasonably well technically versed? Strictly factual, the argument does not fit the facts. Simple, end of story. If you see that as a slight on PJ you really need to seek professional help.

          Sorry for the TL;DR but when I tell someone they have been a nasty, narrow-minded git, I don't tend to do it lightly.

          Sorry for the TL;DR, but if you insist on providing the evidence for your inability to read you deserve the feedback. Have a nice year, and please don't take your aura near anything important.

  2. Duncan Macdonald Silver badge

    A Sad Day

    Another sad day for humanity. Groklaw helped keep some of the law clean by exposing it to the light of truth. Will anyone else be able to do a similar job in future - I doubt it.

    1. DaLo

      More to it than what was stated?

      Groklaw is/was a truly brilliant site. The dedication shown by PJ is astonishing with time and attention to detail.

      It was one of the few places that was able to counteract the shills like FossPatents spreading their FUD.

      However shutting it down just allows a win for the companies that would love an dhave tried to have it shut down for years.

      However, I just can't help feeling that this was an excuse rather than a reason to shut it down. PJ has been trying for a while to remove herself from Groklaw (and I really don't blame her, the work load must be tremendous). She 'resigned' a while ago but after protests it was taken over by Mark, but I'm guessing the demands of the site meant he couldn't continue with it, so PJ starting writing more and more articles for it again.

      This is probably why the comments have been closed so there is no more "outcry". It's a shame for sure, and SCO isn't even finished yet, but it was way too much for one person.

      1. JimC Silver badge

        Re: More to it than what was stated?

        Rather my feeling. I also think they lost their way a whole back, what with all the Google worship too. That created a credibility problem for me.

      2. Tom 7 Silver badge

        Re: More to it than what was stated?

        It not that Mark was particularly deficient in anyway I think PJ just couldn't leave it alone - with Groklaw there it probably felt like a black hole continuously sucking her in.

        The site desperately needs to keep going in some form or other but I cant blame here for getting out while she's still got some life left in her.

        She has set the bar very high for anyone to follow and the shitty governments on either side of the pond are making it very difficult but there really is too much to lose here to make it not worth trying.

        But how?

    2. tiger99
      Unhappy

      Re: A Sad Day

      Yes, Groklaw has on many occasions exposed the dishonest and dishonourable in the software industry, and has been a vital source of education on such things as why software patents don't work and should not be allowed. PJ maintained very high standards of accuracy, integrity and general politeness, more so than any other blog that I have seen.

      Right now I think there will be great merriment in Redmond and Cupertino, homes of two of the most corrupt and obnoxious abusers of the patent system and other laws. The rest of the world will be feeling a great loss, the end of an era.

      1. eulampios

        Exacltly my sentiment

        A sad day indeed. Giving it all up for groklaw might be devastating and would eventually hurt free software and freedom in general. I don't know, perhaps it's just a momentary breakdown of Pamela, and she'll come back, but one should be certain that there will be plenty of partying going on around the world. NSA, Microsoft, Apple, Oracle and other patent trolls will sure chip in for the celebrations.

  3. Anonymous Coward
    Anonymous Coward

    About the only thing email is good for now is sharing amusing pictures of cats.

    Won't be long before the US catches up with the UK and installs more CCTV cameras.

    Do CCTV cameras have sound recording? I can only assume that a huge network of microphones recording what people say will be next on the agenda.

    1. jonathanb Silver badge

      Some do have microphones, but most don't. It isn't so easy to pick up a conversation from all the background noise and other conversations.

    2. Vociferous

      I've heard about plans to install grids of microphones in some cities in the USA to instantly triangulate gunshots. I expect the only reason the UK doesn't already do this is because guns are rare, most violence is fists/knives.

      1. Anonymous Coward
        Anonymous Coward

        Birmingham has had a gunshot locator system for 3 years in 2 areas, Aston & Handsworth.

        www.techweekeurope.co.uk/news/birmingham-gun-crimes-should-be-heard-if-not-seen-15498

    3. Anonymous Coward
      Anonymous Coward

      Smartphones?

      "Do CCTV cameras have sound recording? I can only assume that a huge network of microphones recording what people say will be next on the agenda."

      If you REALLY want to give full rein to your paranoid side: how many of us own a smartphone of some description, and/or take it with them almost everywhere they go?

      I thought the other day: how easy would it be TECHNICALLY for Apple, Google, Microsoft et al, to introduce a back-door into iDevices, Android machines, Windows Phones, etc. so that they could turn on the camera(s) and/or microphone and access what they picked up? (Remember the Doctor Who story "The Bells Of St John"? Instant blanket surveillance nets.)

      Yes, there are supposed to be all these laws and stuff in place to stop it, but as we've been seeing increasingly, what does that mean any more?

      ...and don't get me On One about smart TVs with built-in cameras. Not to sound like a paranoid old fart or anything, but... does the word "telescreens" mean anything to people?

      Shame ACs can't choose the "black helicopter" icon, but I'm not sure I want to write stuff like this with my username any more...

      1. Anonymous Coward
        Black Helicopters

        Re: Smartphones?

        AC's can't use the Black Helicopter Icon? I humbly disagree and present evidence to prove my case.

        See icon :)

      2. Robert Helpmann?? Silver badge
        Childcatcher

        Re: Smartphones?

        ...how easy would it be... to introduce a back-door... that they could turn on the camera(s) and/or microphone and access what they picked up?

        Not terribly. Complicity by service providers is not required, but makes it easier. For example, packaging the spyware as a game which interacts with the environment would be simple way to get lots of people to install this themselves. Warnings that the app requests permission to use the camera likely would be ignored even by people who bothered to read the EULA.

      3. Anonymous Coward
        Anonymous Coward

        Re: Smartphones?

        >Shame ACs can't choose the "black helicopter" icon, but I'm not sure I want to write stuff like this with my username any more...

        What? You think the righteous shield of El Reg and the magic mask of Guy Fawkes will protect you?

        Methinks not!

        In fact, for the optimum blend of spookieness, El Reg is based in Blighted and subject to blighted laws, while the servers hang out in San Antonio, Peoples Republic of UNSA

        Dear Reg, Have you ever opened your database(s) to GCHQ, MI5/6, NSA, or any other agency of any government, including secret orders from secret courts which you're not allowed to tell anyone about? (obviously not expecting an honest answer!)

        AC to keep the spooks away.

        1. Anonymous Coward
          Anonymous Coward

          Re: Smartphones?

          AC to keep the spooks away

          Sigh. Please don't tell me that you actually believe that an A/C post offers any protection.

          1. TechnicalBen Silver badge
            Joke

            Re: Smartphones?

            They meant "spooky" internet trolls... they already believe the NSA is "in their heads". ;)

      4. heyrick Silver badge
        Big Brother

        Re: Smartphones?

        "I thought the other day: how easy would it be TECHNICALLY for Apple, Google, Microsoft et al, to introduce a back-door into iDevices, Android machines, Windows Phones, etc. so that they could turn on the camera(s) and/or microphone and access what they picked up?"

        Google maybe already does. My phone's camera makes a little clicking noise when I turn it off, like maybe the focus lens collapsing back to the home position.

        I hear this noise from time to time when looking at stuff in the app store Market Play.

        I have no evidence of photos being collected and/or sent anywhere - but it seems mighty suspicious for the camera lens click to happen when I'm not actually using the camera, wouldn't you agree?

      5. Vociferous

        Re: Smartphones?

        > how easy would it be TECHNICALLY for Apple, Google, Microsoft et al, to introduce a back-door into iDevices, Android machines, Windows Phones, etc

        Oh, that's old hat: http://abcnews.go.com/blogs/headlines/2006/12/can_you_hear_me/

      6. Anonymous Coward
        Anonymous Coward

        Re: Smartphones?

        I remember from my time working at Motorola (around 10 years ago) that the code for remote enabling of the microphone existed in at least one mobile phone. (It also exists in OnStar, the auto security | car safety | navigation system popular in the US.) The only way to be sure that no one is listening is to disconnect the battery*.

        *where possible

      7. Dan Paul
        Big Brother

        Re: Smartphones?

        There are already app's that will turn a smartphone into a "crowdsourced remote video surveillance system" I have seen the demo's myself. This tech is being used now by various police departments to allow remote viewing of small cameras mounted on police vests, guns, tasers so there is a legal record of their use.

        It is not difficult to make the jump from purchased apps with that capability to the technology being surreptitiously embedded in the firmware of any smartphone.

        Extrapolating on that line of reasoning takes us to Orwellian on steroids future where all "citizens" wiil be required to have one on their person at all times or perhaps surgically implanted in their bodies so there can be nothing that remains private or unobservable.

  4. wowfood

    Does anyone else

    Think of the fascist police state from 'V for Vendetta' when they read about the NSA actions etc?

    1. John G Imrie Silver badge

      No I don't think that

      Any one who thinks that must be a Muslim or a Homosexual or a Terrorist.

      England Prevails

      This message brought to you by the Office of Chancellor Sutler

      1. Anonymous Coward
        Anonymous Coward

        Re: No I don't think that

        @John G Imrie: So, you've seen the film, not read the book then?

        1. John G Imrie Silver badge

          Re: No I don't think that

          Actually I've done both but I remembered that from the film and it seamed appropriate.

    2. Chris Ridley
      Unhappy

      Re: Does anyone else

      "Think of the fascist police state from 'V for Vendetta' when they read about the NSA actions etc?"

      Actually I thought more of the extreme totalitarian world government of Neal Asher's "The Owner" series http://www.theregister.co.uk/Design/graphics/icons/comment/unhappy_32.png

  5. Anonymous Coward
    Anonymous Coward

    I'm not happy Groklaw's shutting down, but has this only just occurred to her now? That email isn't a secure way to exchange information? To someone running a legal site, ON THE INTERNET? Really?

    1. Anonymous Coward
      Anonymous Coward

      Law makers said they previously only collected metadata, email date and times, subjects and addresses.

      1. b0llchit
        Big Brother

        Guilt by association

        That is called establishing "guilt by association".

        Everybody in the world is guilty of "something" when you dig far enough. Once you "associate", you are subject to scrutiny and will be proven guilty of any "something". Just to make a point that you should not "associate" but only "behave".

        Such system is also called a repressive surveillance regime and we have plenty of examples through history and contemporary.

      2. Test Man
        Thumb Up

        "Law makers said they previously only collected metadata, email date and times, subjects and addresses."

        Makes no difference, everyone knows that e-mail is de facto unsecure. Encryption doesn't change that. If she had any brains, she'd know that - the fact is e-mails, encrypted or not, pass through several servers so you clearly cannot consider it secure any more than you can consider the post office system secure.

        1. Don Jefe

          There has long been the assumption and the assurance from governments that unless you were under investigation you weren't under surveillance. That's been proven untrue and governments are gathering data to use against you in case you ever come under investigation.

          It is a really, really big difference. I hope you can see what the problem is.

          1. Anonymous Coward
            Anonymous Coward

            "It is a really, really big difference. I hope you can see what the problem is."

            You're entirely missing the point. Email is not secure. Never has been, isn't designed to be.

            If you're working in the legal field, ON THE INTERNET, and you don't know that...

            The government are looking at her emails, via the NSA, if they feel like doing so. Everyone who thought about it for two seconds always assumed that anyway, it's just been confirmed. If you believed otherwise, you're hopelessly niaive.

            So is anyone working at an ISP who feels like it.

            Email IS NOT SECURE. I hope you can see what the problem is.

            1. Don Jefe

              Until evidence was available to prove otherwise the inherent insecurities of email were only a problem if someone was actively spying on you. A situation that, in reality, applies to very, very few people (even though they'd like to believe otherwise).

              Once we learned, not guessed or had paranoia about it, that the government was spying on everyone, the situation changed and email insecurities became a realistic problem.

              You're confusing technical and government policy issues.

              1. Vociferous

                > You're confusing technical and government policy issues.

                No, he isn't. He's correctly stating that email is and has always been trivial to spy on, and that no one should ever have expected privacy in email. Any source of data which is trivial to spy upon is 100% guaranteed to get spied upon, it's simply the way it works.

                1. Anonymous Coward
                  Anonymous Coward

                  Tinfoil hat no longer optional

                  "Any source of data which is trivial to spy upon is 100% guaranteed to get spied upon, it's simply the way it works."

                  Until recently you'd have been accused of being a paranoid conspiracy theory merchant for making a claim like that.

                  We were all told that we could trust "the powers that be", and that if we had nothing to hide we had nothing to fear, even in the unlikely event that our communications (and not just metadata) were being intercepted unintentionally.

                  Incidentally, is X.400 email (designed from the ground up for confidentiality and trustworthiness) any better than the dinosaur-era SMTP/POP standards are in the current problem areas?

                  If so, where can I find a secure X.400 provider?

                  [X.400 used to be used for battlefield email in preference to SMTP/POP. Does that give anyone a clue?]

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: Tinfoil hat no longer optional

                    If so, where can I find a secure X.400 provider?

                    [X.400 used to be used for battlefield email in preference to SMTP/POP. Does that give anyone a clue?]

                    [shudder] Please don't. X400 may be secure, but if you really need secure comms let me know - we CAN provide secure email. To give you an idea of the cost and efficiency delta between X400 and Internet email, I was involved in email conversions and one gov department had an ROI on their costs in one single month, and suddenly had an almost instant service rather than accepting a week (yes, WEEK) delivery time via their (major telco) gateway. This was a department with 4000+ email accounts.

                    As far as I can tell, X400's main security was provided by not delivering the messages at all...

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Tinfoil hat no longer optional

                      " week (yes, WEEK) delivery time via their (major telco) gateway."

                      What do you expect with BT as the supplier? (Would that be the correct guess?)

                      Other folk managed to do it rather better.

                      Email designed (not bandaided) to support mail content a bit more complex than 7bit plaintext.

                      Email that can be encrypted (by design).

                      Email that can be verified to be untampered (by design) even when not encrypted.

                      Email that has proof of delivery and proof of reading capabilities. By design.

                      Etc.

                      What's not to like?

                      But I do entirely sympathise if your only x.400 experience has been with Telecom Gold or similar.

                      1. heyrick Silver badge

                        Re: Tinfoil hat no longer optional

                        "Email that has proof of delivery and proof of reading capabilities. By design."

                        No it doesn't.

                        It has an option to "request" a statement to be sent back when the message has been read. A statement that I have had back from automated systems, and a statement that my mail software is configured not to send.

                        It is a courtesy, like the "priority" header. It is nothing more, and it is certainly not proof of anything other than "the machine that sent this response received the message".

                      2. Anonymous Coward
                        Anonymous Coward

                        Re: Tinfoil hat no longer optional

                        Re: Tinfoil hat no longer optional

                        " week (yes, WEEK) delivery time via their (major telco) gateway."

                        What do you expect with BT as the supplier? (Would that be the correct guess?)

                        Yup. You're probably right - that experience was sufficiently traumatic to avoid X400 after that - I remember being impressed with BT that they actually managed to get a client to sign up for a service which billed per message, even when the majority of the messages never got further than the gateway.

                        I disagree with the "email can never be secure" statement - I have disproved this many times over in a government and even military setting, but a degree of precision in the definition of the threat is required: secure from what? Technically it's not overly complex, but legally you have an issue. It is a fact that EVERY nation, without exception, has intercept laws in place that can compel providers to open up.

                        What every single one of you is trying to address with technology is in essence a legal problem, and you cannot secure email from lawful processes. What you can do is choose the legal processes you want to be exposed to, and manage the residual risk. This starts with leaving the US.

                        Obama and friends can make statements as much as they want and be lobbied by all and sundry, the fact remains that the current situation is a serious mess, and it won't be fixed overnight because there are too many people making money off it. Turning back the clock on abuse is as hard as addressing corruption: it will take decades. Regaining the trust from others will take even longer, if at all possible..

                        1. Anonymous Coward
                          Anonymous Coward

                          Re: Tinfoil hat no longer optional

                          "What you can do is choose the legal processes you want to be exposed to"

                          Oh is it you again?

                          I will repeat the questions I asked earlier, in case I missed the answers last time).

                          1) What do you propose to do if the law is changed via due democratic process in a way that doesn't suit your operation?

                          2) What do you propose to do if the powers that be choose to ignore the law and go their own way?

                          Not hypothetical questions, not any more.

                          1. Anonymous Coward
                            Anonymous Coward

                            Re: Tinfoil hat no longer optional

                            1) What do you propose to do if the law is changed via due democratic process in a way that doesn't suit your operation?

                            2) What do you propose to do if the powers that be choose to ignore the law and go their own way?

                            Not hypothetical questions, not any more.

                            Well, this is where you start with selecting a nation that is indeed a democracy. People who actually have effect on how the nation works tend to be more involved in what happens politically - you can see evidence of the reverse in the US where a voter only gets to choose which specific robber baron gets to "represent" them, but have ZERO direct influence in law making - hence the current mess.

                            Now, specifically:

                            1 - fair point - at that point we have to adjust. But laws in a true democracy are actually a lot more stable because you cannot just buy your way. A classic example of this is Google which is now under assault in practically every nation in the EU because they thought they could do it "the American way", i.e. throw buckets of money at it and just buy the laws they need or lobby themselves out of trouble (I will again make the observation that it's IDENTICAL to what Microsoft tried to do in the EU - it's uncanny how their MO mirrors Microsoft). It isn't working *at all*, leading to the recent epic mistake of declaring themselves sovereign over UK law.

                            2 - I actually come from the legal intercept side, you could call me a gamekeeper turned poacher. If you have a nation that is democratic, a breach of rights is accompanied by proper controls so that the rights of the individual are protected. If the locals do no follow the law themselves, that has consequences ranging from civil to criminal and political - intercept as a government process does follow a certain pattern you can influence. But you are talking about theory - I prefer to go where the facts meet the road. At this moment in time, it IS possible to protect people, but it's not the main problem.

                            The main problem is that people, despite NSA events, are still not aware of what the impact of all these privacy violations are. They are numb, brainwashed and straightforward lied to (try reading the Gmail "help", for instance, as an example how BS deludes the user into giving away their personal details to an organisation that has no choice but to assist with uncontrolled invasions of privacy). In our experience, the main people that are dead hot on protecting themselves are the ones that have been burned already through identity theft, journalistic privacy invasion and hacking. This is an issue that is hard to fix as it's the result of years of brainwashing.

                  2. heyrick Silver badge
                    Black Helicopters

                    Re: Tinfoil hat no longer optional

                    "Until recently you'd have been accused of being a paranoid conspiracy theory merchant for making a claim like that."

                    Not so much these days with so many public WiFi hotspots that are unencrypted by their very nature. This isn't to say that encryption is secure, but rather anybody with a decent WiFi card and data sniffer can pluck your plaintext emails right out of the air. Plus your signin credentials and passwords. Plus your non-HTTPS browsing history (and guess at the HTTPS ones by seeing what domain resolving lookups were performed), plus every single byte of every single web page (did you sign in to El Reg on a public network? you'll note it isn't HTTPS...).

                    Potentially, not just you but every single user on that open AP.

                    This isn't tin foil hat, this is reality. And if some bored nerd can do this, imagine what those who run/fund/control the system can do...

                    Yeah, the basic line is - it is not private or secure. Not web pages, not emails, none of that stuff. And if you are in the UK, password protecting stuff for your own privacy is no longer an option when you can be "compelled" to reveal your passwords rendering something that should be secure to be about as useful as email in the long run.

                    They have us over a barrel now. Didn't you realise?

              2. Tom 38 Silver badge

                The way I've always understood and explained it to people is that sending an email is like sending a postcard, everyone along the way knows who it is sent from, who it is sent to, and can look at the contents if they so choose, and a government can as easily insert themselves into an internet exchange as they can a sorting office.

                This is not new, this should not be a surprise to internet users, and yet the kerfuffle when it was confirmed that the intelligence services do do this…

                I still don't see how the realization that email is insecure implies the shut down of groklaw.

              3. Anonymous Coward
                Anonymous Coward

                "Until evidence was available to prove otherwise the inherent insecurities of email were only a problem if someone was actively spying on you. A situation that, in reality, applies to very, very few people (even though they'd like to believe otherwise).

                Once we learned, not guessed or had paranoia about it, that the government was spying on everyone, the situation changed and email insecurities became a realistic problem."

                Err, no.

                Basically you had your head in the sand singing "la la la la la, will never happen to me", while it kept on happening, regularly, and you were unaware of it.

                I accidentally read part of an email in a packet capture I took on a network device earlier today. I wasn't actively spying on the user, and when I realised I'd followed the wrong stream, I stopped reading. This is fact, I'm afraid, not your guess at what reality is.

                Email IS NOT SECURE, BY DESIGN.

                It never has been.

                The difference now is simply that YOU finally appreciate that. That's all. Your lack of knowledge prior to the NSA stories breaking does not change the fact that using email to exchange confidential legal information has always been a bad idea. It didn't become a bad idea, post NSA story breaking.

                Furthermore - a site like Groklaw should assume that people ARE spy on their email, because chances are it's quite interesting, to a certain audience.

                Yet another way to put this, if it helps, regarding your opinion that "the inherent insecurities of email were only a problem if someone was actively spying on you. A situation that, in reality, applies to very, very few people" - Please provide any evidence you have to support the idea that this applies to very very few people. Why do you think that? Based on what facts, what data, what research?

                It's just your guess, and not a very good guess.

                1. Don Jefe
                  Stop

                  In a paranoid conspiracy, the burden of proof is on the paranoid. So where's your proof that prior to the NSA related leaks that you, or anyone you know, was having their email intercepted?

                  1. Anonymous Coward
                    Anonymous Coward

                    I've already told you - I have personally, today, read other user's email, by mistake, while doing packet captures on network devices I was working on.

                    In previous positions I've seen other email, working on other network devices.

                    This does happen, I know it does. Because email is insecure, this is simply fact, it will always happen. I'm not even trying to read their mail, mail is just plain text, so it happens.

                    You're free to disbelieve me if you like, that's your prerogative, but I genuinely don't care about proving this to be true, to you. If you choose to stick your head in the sand, go for it, matters not at all to me.

                    Besides, you made the assertion that your email being read by others "A situation that, in reality, applies to very, very few people".

                    It's up to you to back up that statement, or it's meaningless. If you can't back it up, you just imagine that's the truth, with no evidence. Which is fine, you're free to do so, but it's just your guess.

                    This isn't a paranoid conspiracy, it's people saying "Email isn't secure enough to exchange legal information", and you, bizarrely, arguing that didn't matter until the NSA were proven to be intercepting mail from all kinds of people. Err, yes, it did matter before then.

                  2. Tom 38 Silver badge

                    So where's your proof that prior to the NSA related leaks that you, or anyone you know, was having their email intercepted?

                    Well, my proof is that the security services in Britain have routinely been listening in to the worlds communications ever since world communications were invented (and largely routed through the UK). It is no coincidence that GCHQ have an outpost in Bude where a lot of the transatlantic internet (and before that, telegraph) cables come ashore. Here's a quote from a book on this topic:

                    Additionally, it read all cable traffic entering and leaving Britain. At first, this was arranged on a private basis. At the time, there were only three cable companies operating in Britain: C&W, which was owned by the British government so presented no problem, and the two American cable companies, the Commercial Cable Postal Telegraph Company and Western Union, who did not acquiesce so easily. The tacit threat of having their operating licenses removed was required before they agreed to cooperate with GCCS and and let it see their messages each day.

                    In December 1920, during a US Senate Sub-Committee hearing … one of the cable companies publicly revealed the duress under which it had been placed by the British Government. Acutely embarrassed by this unexpected disclosure, the British government hastily added a clause to the 1911 Official Secrets Act giving it the right to see copies of all cables if an emergency existed. (excerpt from The Intelligence Game by James Rusbridger)

                    This stuff has always gone on. With optical cables being trivial to tap and email being trivial to intercept from a tapped feed, what kind of naïf must you be to consider that the security services aren't looking at them?

              4. tom dial Silver badge

                I think a more accurate description would be that the government is capturing the data, and holding it for a period of uncertain length, that would enable spying on everyone. The entire federal security establishment does not employ enough civil servants and contractors to effectively spy on the entire remainder of the world, or even the U. S. only.

                While I am not aware of any significant misuse, the very fact that potentially abusable data is being collected requires that we examine the real controls and possible (but yet publicly unproved) utility of the various programs and modify them accordingly. The potential for misuse is enormous, and police agencies have long been known to exceed proper bounds on occasion.

            2. Anonymous Coward
              Anonymous Coward

              Incomplete sentence.

              Email IS NOT SECURE without extra measures

              Those measures are not just technical, BTW, which is the flaw in the story that Lavabit and Silent Circle were trying to sell their public. So they got bitten by an issue that has existed from before 9/11. Duh.

            3. tom dial Silver badge

              Email is not secure: Check.

              Legal field, on the internet, and don't know that: Check.

              Looking at emails, via the NSA, if they feel like: not proved, and the leaked evidence does not support that it is done on anything like a routine basis. The rules say to not do that, and bureaucrats tend to follow the rules. However, it is afer to assume someone will overstep.

              Any administrator in an ISP who feels like it: Check.

              Encryption is indicated for messages that wouldn't be good on a postcard.

              1. Anonymous Coward
                Anonymous Coward

                " The rules say to not do that, and bureaucrats tend to follow the rules."

                Sorry, which "rules" say "don't do that"? They actually say "we're vague enough that you can justify doing this if you feel like it", from what I can tell.

        2. Anonymous Coward
          Anonymous Coward

          There is a very obvious different between sending emails in plaintext and having them intercepted and between using a service like Lavabit and (if you read between the lines) realizing that in addition to headers the spooks are lining up to demand backdoor access.

          Pamela Jones has plenty of brains. She hasn't been using regular plaintext email given she's referring directly to the Lavabit fiasco.

          1. This post has been deleted by its author

          2. Anonymous Coward
            Anonymous Coward

            "Pamela Jones has plenty of brains. She hasn't been using regular plaintext email given she's referring directly to the Lavabit fiasco."

            Well ... point me to somewhere on the Groklaw site that explains how to send encrypted email to PJ or Groklaw. I can't find anything.

            I *can* find a "Contact PJ" link, on the front page, with a picture of an envelope with "Email PJ" written on it, that's a mailto link for PJ@Groklaw.net

            In other words, unencrypted email.

            There's no obvious evidence Groklaw encouraged you to encrypt email conversations with them.

      3. Anonymous Coward
        Anonymous Coward

        Fear of exposure?

        "Law makers said they previously only collected metadata, email date and times, subjects and addresses."

        She is probably worried that what she actually emailed to John Gabriel, warmcat, IBM, et al might finally be revealed.

  6. Pen-y-gors Silver badge

    There are some brilliant technical minds out there

    Hopefully some of them will be putting some serious thought into developing a truly secure e-mail replacement (for hosting outside US and UK jurisdiction)

    Thankfully GCHQ don't employ brilliant technical minds - or they would be aware that it's possible to make copies of data on hard drives.

    1. chriswakey

      Re: There are some brilliant technical minds out there

      "Hopefully some of them will be putting some serious thought into developing a truly secure e-mail replacement (for hosting outside US and UK jurisdiction)"

      Wouldn't matter, as soon as the email hit a UK/US ISP, the respective governments could/would require you to hand over the decryption key.

      All your private communications belong to the Gov. You just are allowed to think it's actually private.

    2. James Hughes 1

      Re: There are some brilliant technical minds out there

      Indeed. Can the NSA crack state of the art encryption in a sensible timescale? Surely Groklaw just needs to publish a public key for people to use? If everyone uses it, no-one would be able to decrypt it all.

      Or she could use the physical mail system perhaps?

      1. Don Jefe
        Meh

        Re: There are some brilliant technical minds out there

        No one really knows the NSA's true capabilities; that's the problem. Encryption may be a waste of time/false security or it may be really useful, nobody knows. They can guess and assume, but there is zero proof either way.

        There's definitely more going on than they own up to. Remember, Internet Explorer used to fall under Export Control laws meant for weapons and dangerous technology because of its built in SSL support. It isn't anymore; why?

        1. heyrick Silver badge

          Re: There are some brilliant technical minds out there

          "Remember, Internet Explorer used to fall under Export Control laws meant for weapons and dangerous technology because of its built in SSL support. It isn't anymore; why?"

          The same reason that France used to have some ridiculous law that banned personal encryption of any sort that was worth a damn.

          Money talks.

          If the Americans devise an encryption system for electronic commerce and then say "the world can have the piss-poor version, we're keeping the good stuff", then the world's best option is to devise an equally strong option and not share it with the Americans. Or in the case of France, be stuck with Minitel forever.

          Nothing kills commerce like some technical waffle getting in the way. So in the end money won out and this stuff was opened up. What else d'you expect from a capitalist country? (^_^)

          1. tom dial Silver badge

            Re: There are some brilliant technical minds out there

            That, and also the fact that perfectly good high grade encryption became widely available outside the U. S. The paranoid among us might conclude that export regulations were relaxed to allow weak or backdoor trapped algorithms to swamp the good ones, but that's doubtful.

      2. Vociferous

        Re: There are some brilliant technical minds out there

        > Can the NSA crack state of the art encryption in a sensible timescale?

        Possibly.

        The US security establishment have resources way beyond any civilian corporation, both in hardware and expertise, you can safely assume they're the best in the world wrt crypto. They even have working quantum computers (at least two bought from D-Wave for evaluation, and almost certainly more developed in-house), although I do not know if they're used to crack code.

        I have never worked for the NSA and have no insight into their operations, but you can safely assume that their capabilities are significantly greater than anyone elses, and likely radically so.

        1. Anonymous Coward
          Anonymous Coward

          Re: "working quantum computers"

          On another occasion, it would be interesting to have a discussion on whether "working quantum computers" actually exist, and if they do exist, whether they have any interesting uses outside the world of VCs and IPOs.

          (With particular reference to the awful BBC Horizon "hackers" movie shown last night).

          1. Stephen Gray
            FAIL

            Re: "working quantum computers"

            You think Horizon is a movie? Fail.

            1. Tom 38 Silver badge

              Re: "working quantum computers"

              Horizon stopped being made in the 90s. Now it's just a bunch of twats who talk down to us, and repeat the same thing over and over again for indoctrination effects - tell them what you're going to tell them, tell them it, tell them what you just told them.

            2. Steven Raith
              Joke

              Re: "working quantum computers"/Horizon

              Well, it is often full of woeful inaccuracies and seems to be based in a fictional/fantasy world that is similar, but not quite the same, as our own.

              Steven R

            3. Anonymous Coward
              Anonymous Coward

              Re: "working quantum computers"

              "You think Horizon is a movie? Fail."

              Whhooosh (as the young folk apparently say).

              Me, I'm old enough to remember when Horizon was often a decent science/technology documentary. Not now though. "Movie" seemed close enough.

          2. Anonymous Coward
            Anonymous Coward

            Re: "working quantum computers"

            " it would be interesting to have a discussion on whether "working quantum computers" actually exist,"

            Surely they both do and don't?

          3. heyrick Silver badge
            Happy

            Re: "working quantum computers"

            By strange co-incidence, I watched "Hackers" (the movie) last night. I can forgive a lot of bull as: a) it was a movie; and b) actual hackingcracking is terminally boring for most spectators. Trying to cause one symbol character prompt to turn into a different one isn't something that sounds like a box office draw.

            But while I laughed at the bleating over those totally rad[*] specs (active matrix, a million colours, P6 chip, PCI bus, and a mind-blowingly fast 28k8 modem!!!), I laughed hysterically at the spinning phone booth montage.

            Forget Horizon, there's probably more reality in the movie, and - hey - who wouldn't want a chance to hack a Gibson? ;)

            * - Yes, I know calling stuff "rad" is woefully dated. That's the point.

          4. Vociferous

            Re: "working quantum computers"

            True, it depends on what constitutes a "quantum computer", but machines which at least kinda-sorta are quantum computers area today commercially available (google D-Wave).

    3. Anonymous Coward
      Anonymous Coward

      Re: There are some brilliant technical minds out there

      Thankfully GCHQ don't employ brilliant technical minds - or they would be aware that it's possible to make copies of data on hard drives.

      They do and they are.

      Most of those minds are almost entirely incapable of life outside the nerdfarm but that just makes them cheaper.;

    4. Roo

      Re: There are some brilliant technical minds out there

      Sorry to burst your bubble but GCHQ have a policy of employing brilliant technical minds, and they have done so for a very long time. They have also shared intelligence with the US authorities for a very long time too, so us Rightpondians are effectively under exactly the same surveillance regime as the Leftpondians. In fact the only real material difference I can discern here in Rightpondia is that there has been more resistance to passing the supporting legislation after the fact.

      From the outside looking in, it looks as if the great and the good are certain that there is going to be a huge amount of unhappiness leading to strife in the near future. Maybe they should get out more instead of hanging out in bunkers with weapons salesmen.

      1. Pen-y-gors Silver badge

        @Roo - Re: There are some brilliant technical minds out there

        If they have brilliant technical minds, why do they seem to think smashing a hard drive destroys all other copies of the data?

        1. nematoad Silver badge
          Unhappy

          Re: @Roo - There are some brilliant technical minds out there

          "why do they seem to think smashing a hard drive destroys all other copies of the data?"

          Try sympathetic magic.

          From Dictionary.com:

          sympathetic magic

          noun

          magic predicated on the belief that one thing or event can affect another at a distance as a consequence of a sympathetic connection between them.

          Nice to see that the Civil service hold onto the old beliefs.

          Maybe they should try trusting the public as well, the CS are obviously willing to believe some strange notions.

        2. Carl

          Re: @Roo - There are some brilliant technical minds out there

          Quantum entanglement lol

        3. Peter Simpson 1
          Holmes

          Re: @Roo - There are some brilliant technical minds out there

          "If they have brilliant technical minds, why do they seem to think..."

          Because, while they do employ many brilliant technical minds, they also employ the not-so-brilliant. And they outsource hard-drive smashing to the Police, who employ include a much smaller percentage of brilliant technical minds.

        4. Anonymous Coward
          Anonymous Coward

          Re: @Roo - There are some brilliant technical minds out there

          Maybe, here's a thought, they don't think is destroys the data on other hard drives, but they're probably pretty confident that it destroys the data on the hard drive smashed.

          What do you suggest they do, say "you might have copied this data, do I'll just leave you with this hard disk" or say "we'll destroy the disk we've got, have you copied it?" Just after reminding the owners that lying to them is a pretty serious offence.

          Then again, they'll be happy to be thought of as bumbling idiots, because if that's the expectation of the people who have the data, their job is a whole lot easier. So, carry on, thinking that, just don't bang on about it here, it's boring.

    5. Anonymous Coward
      Anonymous Coward

      Re: There are some brilliant technical minds out there

      There are some brilliant technical minds out there

      Hopefully some of them will be putting some serious thought into developing a truly secure e-mail replacement (for hosting outside US and UK jurisdiction)

      Done. We'll go live in October (well, we're live now, but testing takes it time if you want to do it right).

  7. jonathanb Silver badge

    I don't understand

    Surely the NSA can find out everything that is going on at Groklaw by visiting the site just like anyone else. It is the sort of thing they do, and it is called open source intelligence. BBC Monitoring in Caversham do it for the UK authorities.

  8. Mephistro Silver badge

    Depressing.

    I hope Mrs. Jones is at least considering reopening Groklaw in a different country, i.e. a country which respects privacy, freedom and it's own laws more than the USA.

    And it seems to be high time that countries, companies and citizens start 'routing around the damage', where 'damage'='the USA', as a temporary measure until the American People clean their own home.

    1. jonathanb Silver badge

      Re: Depressing.

      I don't think it really matters where her hosting provider is. If she is living in the US, she has to comply with American laws.

      1. Phil O'Sophical Silver badge

        Re: Depressing.

        Doesn't matter where she's living, as an American she's expected to comply with US law. Look at how US citizens living abroad still have to file US tax returns. There's no escape from the Land of the Fee.

        1. Don Jefe
          Unhappy

          Re: Depressing.

          It goes further than US citizens abroad having to file tax returns, if you're working in the EU, Russia, Japan, China, South Korea, Indonesia, Saudi Arabia, Dubai, UAE, Kuwait, India, Australia, Canada or most of South America your overseas employer has to report your income back to the US on your behalf.

          The US isn't about to leave that money on the table so they make other governments comply with their laws. If the US can make businesses in other countries comply with US tax laws you can be damn sure they'll make ISP's anywhere bend too.

      2. dave 158

        Re: Depressing.

        SHE has to comply - her 'hairdresser' in another, more tolerant, region wouldn't have to ( although where fairy tale kingdom that is ..... )

      3. Mephistro Silver badge
        Meh

        Re: Depressing. (@ jonathanb)

        "If she is living in the US, she has to comply with American laws."

        Not necessarily. If the servers are hosted in another country, complying with one of these requests would be illegal. So she only has to create a shell company or NGO that controls "Groklaw2", based in that country. If the officials of that "Groklaw2" receive a data request+gag order from the USA, they can safely wipe their backsides with said orders, as complying with them would be illegal in the country where "Groklaw2" is based.

        Disclaimer: IANAL, so if more knowledgeable fellow commentards see errors in my reasoning, I'd thank them for pointing out said errors.

        1. Anonymous Coward
          Anonymous Coward

          Re: Depressing. (@ jonathanb)

          No, you're not a lawyer.

          Guess what Groklaw do.

          1. Mephistro Silver badge
            Meh

            Re: Depressing. (@ jonathanb)(@ AC 20th August 2013 11:42 GMT)

            "No, you're not a lawyer.

            Guess what Groklaw do."

            I'm not totally sure to which post you're responding, but in the case it was my post, my answer would be:

            Unless you have first hand knowledge that proves that Mrs.Jones IS NOT planning to follow a similar course to the one I suggested in my comment, your comment is totally pointless.

            1. Anonymous Coward
              Anonymous Coward

              Re: Depressing. (@ jonathanb)(@ AC 20th August 2013 11:42 GMT)

              "Unless you have first hand knowledge that proves that Mrs.Jones IS NOT planning to follow a similar course to the one I suggested in my comment, your comment is totally pointless."

              No, you're incorrect, the comment isn't totally pointless, despite not having first hand knowledge of what Mrs Jones is planning to do.

              You're advising a LEGAL SITE what it needs to do, to work around national and international law, despite admitting you're not a lawyer. While demonstrating you neither understand relevant national, or international laws.

              That, my friend, is daft. Not totally pointless, but pretty daft, if you think about it for all of two seconds.

              1. Mephistro Silver badge
                Thumb Down

                Re: Depressing. (@ jonathanb)(@ AC 20th August 2013 14:29 GMT)

                "You're advising a LEGAL SITE what it needs to do, to work around national and international law,"

                Bullshit. Re-read my original post and tell me again how exactly I was 'advising' anything. Perhaps in the part of my comment that reads "I hope Mrs. Jones is at least considering reopening Groklaw in a different country" ? How the fuck can anyone mistake that for an advice???

                And, my dear AC, the only party involved who is 'working around national and international law' is the USA govt., and also ignoring and corrupting said laws. Moving the site to some country that respects its own laws and protects privacy and freedom of information would seem a good alternative to just closing the site.

        2. Anonymous Coward
          Anonymous Coward

          Re: Depressing. (@ jonathanb)

          Not necessarily. If the servers are hosted in another country, complying with one of these requests would be illegal. So she only has to create a shell company or NGO that controls "Groklaw2", based in that country. If the officials of that "Groklaw2" receive a data request+gag order from the USA, they can safely wipe their backsides with said orders, as complying with them would be illegal in the country where "Groklaw2" is based.

          Nope. Key is that the *decision power* resides in the US, and is thus incapable of producing a credible refusal, this is also the issue that any company has if it has its HQ in the US. One of the absolute first things you need to do if you want to develop a privacy model is move the HQ out of the US, only then can you start working on a legal framework which offers protection from abuse of lawful intercept. You can still have a subsidiary, but you cannot, under any circumstances, maintain a US HQ and handle client confidential information. There is simply no way you can guarantee the safety of that data in a way that stands up to legal scrutiny.

      4. Anonymous Coward
        Anonymous Coward

        Re: Depressing.

        Any American laws she has failed to comply with ?

    2. Vociferous

      Re: Depressing.

      > I hope Mrs. Jones is at least considering reopening Groklaw in a different country, i.e. a country which respects privacy

      You mean that she should give up even the flimsy protection offered by the US constitution?

      Only US citizens communicating on US soil have any protection, foreigners and US citizens communicating abroad have zero protection.

      1. James Micallef Silver badge
        Unhappy

        Re: Depressing.

        @vociferous - except that, as recent leaks have proved, the constitutional protection isn't worth the parchment it's handwritten on.

        1. Vociferous

          Re: Depressing.

          > the constitutional protection isn't worth the parchment it's handwritten on.

          This is not exactly true. Phonecalls made entirely within the US, for instance, weren't monitored, just traced and logged. The NSA doesn't even formally need a warrant to spy on you if you dial to or from a foreign location. Foreign = fair game.

          1. Marketing Hack Silver badge
            Black Helicopters

            Re: Depressing.

            Rules NSA works by:

            Anyone in the u.s. or u.s. citizens abroad --protected by 4th amendment and requires a warrant from (now admittedly rather toothless) FISA court.

            Rest of humanity --walking data pinatas, to be hit up based on how many swings with the stick the NSA has time for

            The net is--still rather depressing

            1. Vociferous

              Re: Depressing.

              > Anyone in the u.s. or u.s. citizens abroad --protected by 4th amendment and requires a warrant

              U.S. citizens abroad have no protection except in the sense that actively targeting them might require a warrant. US citizens receiving communication from abroad also have no protection. This is a concession to reality: the intelligence services tap satellite comms and landlines passing over international or allied territory (usually but not always OK'd by the allied country), it is not possible to avoid also hearing US citizens communicating abroad or receiving calls from abroad.

      2. Mephistro Silver badge
        Meh

        Re: Depressing.(@ Vociferous)

        "Only US citizens communicating on US soil have any protection, foreigners and US citizens communicating abroad have zero protection."

        Wrong. Foreigners and US citizens abroad are protected by the laws of the countries they're living in. Can that legal protection be sidestepped/eroded/ignored by the spooks? Definitely yes, but not without incurring in big costs and big risks.

        1. This post has been deleted by its author

        2. Vociferous

          Re: Depressing.(@ Vociferous)

          > Foreigners and US citizens abroad are protected by the laws of the countries they're living in

          But NSA isn't bound by those laws. As, say, a brit, you're completely fair game to the NSA for unrestricted surveillance.

  9. Anonymous Coward
    Anonymous Coward

    the good news about these Data-Canaries switching off (Lavabit, SilentCircle, Groklaw) is that they are sending a message that can be heard by influential groups like the Article 29 working party (WP29).

    http://ec.europa.eu/justice/data-protection/article-29/documentation/other-document/index_en.htm

    WP29 will surely examine the loyalties en affiliations of the staff & policy officers involved in drafting the 'police co-operation' (actually now proved to be 'intelligence agency co-operation') agreements intra EU/USA as part of their PRISM investigation. ...There was a previous statement from one of the Binney/Wiebe/Loomis whistleblowers that whenever the NSA gets stuck/blocked in a foreign governement or telco they just keep-calm, recruit the official and carry-on...

  10. hammarbtyp Silver badge

    Privacy is key to Groklaw

    I think privacy is very important to Pamela Jones, if that is really her name. She has always tried to stay anonymous and certainly during the SCO case with good reason where the the SCO management tried their best to smear her. So I think this is partly down to her desire to remain outside the limelight and while to some it may seem extreme, it is her right and should be respected.

    With the controversy of Ask.fm, it is easy to forget that anonymity is sometimes the only way that individuals can express their opinion when faced with greater powers than they, and is something which has to often been relinquished with to little fight.

    However I will greatly miss groklaw. Her opinions opened up the legalese which many technologies seemed to be mired in nowadays and let remember groklaw had a big hand in thwarting the biggest land grab in history when SCO tried to takeover Linux. For that we should always be grateful.

    Hopefully someone else will take up the mantle, however even if there is never another groklaw it shows how the internet can be used to fight large companies and thwart their plans.

    1. Anonymous Coward
      Anonymous Coward

      Re: Privacy is key to Groklaw

      "...groklaw had a big hand in thwarting the biggest land grab in history when SCO tried to takeover Linux."

      So you think IBM could not have done it on their own?

      1. hammarbtyp Silver badge

        Re: Privacy is key to Groklaw

        Possibly, however we have no way of knowing.

        What we do know is that groklaw fought the mis-information campaign and gave a good legal overview about the claims made by the various parties. It also made apparent how weak the SCO case was so giving companies and individuals who would otherwise paid the SCO linux tax the confidence to say no when the request came in their in-boxes so negating any profit to be made from the scam

        Most importantly it turned the developer community against SCO and that as much as anything decided the case.

        Yes IBM, Novell, etc fought the case and paid the lawyers but without the trench work done by groklaw maybe there would of been less pressure not to settle.

        Big companies like IBM have their own self interest at heart so relying on them to fight our battles without giving them a push in the right direction would seem a little naiveté

        1. FuzzyTheBear
          Pint

          Re: Privacy is key to Groklaw

          And in many instances Groklaw was sollicited to find previous art to help invalidate patents.

          Many a patent was fought against and was won because of the community.

          Groklaw was not only Pamela ( and no it's not her real name ) But a community of experts and noobs all learning and putting their shoulder to the wheel. Another No : IBM and Novell and the likes would not have won against SCO if it wasn't for the work of Groklaw. The site has been tremendous help to us all .

          Forever the Lady in a Red Dress will be in our hearts. Thanks Madam for all you gave us.

          Cheers !

      2. Solmyr ibn Wali Barad

        Re: Groklaw impact

        It sure helped the everygeek. To understand what is going on.

        Influence on those cases was probably minuscule. Maybe it was harder for the parties to fold & settle. Or maybe the lawyers got some useful hints from there, we'll never know it.

  11. Tom Mason

    Counterproductive

    It seems like the wrong reaction to me. If you believe the goal of the security apparatus is to shut down dissent and anything which may harm the interests of those in power (which imho is rather too paranoid), then simply giving up because of the danger that someone may be reading your communications just hands them victory without a shot being fired. It's the ultimate in being bullied into submission.

    It has been said the freedom is won through the blood of martyrs, and if it's something people really care about then the risk of being discovered and jailed unjustly is part of the price that would have to be paid. It's not really possible to stand up to bullies behind the veil of anonymity because wearing it simply demonstrates you're still afraid.

    Having said that I still think this is a massive and paranoid overreaction. I find it hard to see how the activities of groklaw would even register on the NSA radar, and even if they did how their reading of her communications would prevent her doing anything that she has been doing, or how it would affect those who communicate with her.

    1. b0llchit
      Big Brother

      Re: Counterproductive

      "It's not really possible to stand up to bullies behind the veil of anonymity because wearing it simply demonstrates you're still afraid."

      When the people in East Germany in 1989 started saying out loud in choir at the Monday demonstrations "Wir bleiben hier" (we stay) they were apparently no longer afraid to show their face and give up their anonymity. That was the point were revolution was at hand and commencing.

      The road up to that point required anonymity. Without anonymity it would not have come that far, at least not at that speed and probably not as bloodless.

    2. Don Jefe
      Alert

      Re: Counterproductive

      Beware the man who tells you from behind an army that only cowards hide in the shadows. That man will hunt down, with the lives of your sons and daughters, any who threaten his power.

      Only a fool fights a fight using the means their adversary has chosen. When those in control have bent the system to the point that you have no option but submission then you must change the way the conflict is undertaken.

      If that means moving offline and eliminating a tool for the adversary then so be it. That is the sacrifice. Nothing is accomplished by commanding the sea to recede all the while exposing the friends of friends of friends of someone's family to interrogation, intimidation and ruin.

  12. sillyfudder

    Re: Privacy is key to Groklaw

    Plus 1 for hammarbtyp.

    She's just a private person who feels violated, (and uses the example of a burglar rummaging through her belongings to express this).

    You should read her own comments rather than the registers rehash before commenting about how she is an idiot for thinking email was secure.

    She seems to be concerned because privacy is an enormously important part of being human, but has been casually and routinely violated (en masse) for no purpose.

    I completely agree, but she puts it much better.

    1. Anonymous Coward
      Anonymous Coward

      Re: Privacy is key to Groklaw

      But she still has an email address "p.jones at mykolab.com" so why give up?

  13. Whitter

    But what to do? Politics is broken and the state is corrupt.

    The security state is ever growing. You can't stop it, as there is no vote you can cast in our 'democracy' that actually represents your point of view, certainly no vote that will be count. Now what?

    1. Flocke Kroes Silver badge

      Politics is only broken if you believe it is

      This is not (yet) a two party state. Vote for one of the others. Stand for election yourself. Write to your MP and tell him why you are taking your vote elsewhere.

      1. Yet Another Anonymous coward Silver badge

        Re: Politics is only broken if you believe it is

        No it's a 1.5 party state.

        You vote for a 3rd party to avoid either of the liars and they do a deal with one of the liars

  14. Anonymous Coward
    Anonymous Coward

    Wrong response

    Unfortunately, PJ made a bad choice. ALL private human communication has become impossible. A clever team pf programmers with really large computers can take the following data:

    license plate scans & police logs

    pen register logs (caller-callee-start-end)

    cell tower access logs

    US Postal service mail scans (images of outside of all items)

    RFID tag scans (toll tags, instore shopper tracking, etc)

    social media links

    IP sender receiver address logs

    facial recognition of CCTV images

    credit card charges

    and from it they can deduce everyone who has regular contact even if only sitting on a park bench. It's not the content, but enough to concoct warrants to get that. So privacy requires changing the laws and enforcing the change in the courts.

    NSA has a policy of storing ALL encrypted information (that they can't trivially decrypt). The best way to fight NSA is by widespread use of the hardest available public key encryption and sending spam "messages" which are truly random bits produced by a physical RNG. That will consume the Bluffdale budget at a rate that causes severe problems for management. It will force the security apparatus into a very difficult position. Their budget requirement as a proportion of GDP will grow until it consumes everything. THAT is guaranteed to force the Congress to reconsider the law. Even the DHS will lose in a battle over the Social Security and Medicare budget with AARP.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wrong response

      Unfortunately, I don't this this would matter.

      This whole "security" apparatus is the new Military-Industrial complex. Its purely a means of laundering tax-payers money through the hands of government departments and defence contractors in the name of keeping us "safe". It is absolutely a means unto itself.

      But unlike education, healthcare or infrastructure the security beast has the means, the opportunity AND the motive to protect itself from examination and moreover to intimidate those who advocate examination.

      It's frankly extremely concerning.

      1. Anonymous Coward
        Anonymous Coward

        Re: Wrong response

        The metadata is already being collected and stored. There is no way around the traffic analysis other than an undetectable "dead drop". That's doable but impractical for general use. The metadata is a small enough volume they can afford to store it. So there is little way to stop that other than a concerted political campaign.

        Content is a different matter. Bluffdale was designed and budgeted to store a certain volume of encrypted traffic until advances in technology and math make it readable. The entire premise rests upon only a small volume of traffic being encrypted. Increasing the volume of encrypted traffic that needed to be stored by a factor of many millions would bust the agency's budget. If the whole world switched to ECC (elliptical curve cipher) based public key encryption the resulting data volume would defeat the goals of the Bluffdale complex. They'd run out of storage media, space and budget.

        Universal use of strong encryption would effectively DDoS the NSA content collection. The probable response, of course, would be to make encryption without key escrow illegal, but that would cause other issues and lots of corporate pushback.

        I agree it's a matter of great concern and have felt that way for years. I've always been surprised how few people recognize it. It's featured in practically every crime show at some point in the plot. It started when the telegraph was invented and has kept pace with technology ever since.

  15. DrXym Silver badge

    I don't understand this at all.

    I really don't get the purpose of shutting down except as some general protest against eavesdropping. There are numerous ways to achieve encrypted communication that protects her and her informants. e.g. publish a GPG key and encourage people to use it. Or put an "information" form on her website which doesn't involve any email traffic at all (ensuring it was protected from man in the middle attacks with https), or use dead drops, or an ISP in another country and publish the email to that.

    Better yet, sites like Groklaw, EFF could make a call to arms to spearhead the development of an encrypted, easy to use, scalable, p2p based, messaging/mail transport which contained end to end crypto, signing, key revocation etc.

    1. richard?

      Re: I don't understand this at all.

      I was thinking the same thing.

      For confidential email, why would anyone trust their email provider and not use encrypted email?

      Of course, it is virtually impossible to hide the source and destination in email, since that's needed for delivery and having a two way conversation, but even that is fixed by encrypted online form - just use it from a web cafe, and provide a unique private ID to have a secure two-way discussion.

      Of course she would need to ensure the encrypted data is only opened on her own PC in her own secure environment.

      The blog owner can still be subpoenaed for information but that's just normal law exactly as it should be; I'd imagine PJ would be able to handle it, and have lots of support if it happened.

    2. M Gale

      Re: I don't understand this at all.

      "Better yet, sites like Groklaw, EFF could make a call to arms to spearhead the development of an encrypted, easy to use, scalable, p2p based, messaging/mail transport which contained end to end crypto, signing, key revocation etc."

      The Freenet project, and the Sone and Freemail services that run over it seem rather promising. More based on plausible deniability than encryption, but no reason you can't doubly encrypt what you put on there.

      1. DrXym Silver badge

        Re: I don't understand this at all.

        Freenet crossed with Bitcoin would be the best analogy I can come up. A nice idiot proof, user friendly front end which participates in a P2P network that holds a distributed public key store and message boxes.

        It would face many technical hurdles to be robust and discourage abuse / attack but I believe if it were championed the way Tor is, that it could gather enough momentum to be useful.

        1. Anonymous Coward
          Anonymous Coward

          Re: I don't understand this at all.

          You're still only looking at the technical angle. Technology isn't your problem, there are more "secure email" providers than you can shake a stick at. Your problem is the legal framework that surrounds them. If legal intercept can be abused unchallenged, the best tech in the world won't protect you because your provider gets to choose between giving access, jail or close shop. Look at Silent Circle: it is likely they would have done a good job on the tech side, but tech is not what got them in the end, just as Lavabit.

          If you don't address the legal issues you are at best selling security theatre.

          1. DrXym Silver badge

            Re: I don't understand this at all.

            The technical angle *is* the legal angle. If the mail is p2p there is no single server to intercept since the server is distributed across thousands, tens of thousands of nodes around the world. Second, even if the NSA or whoever were to participate in the network, the contents of the messages in transit would be encrypted.

            It would be extremely hard to intercept the plaintext in the email because it would be encrypted using the recipient's public key plus additional encryption as it passed between nodes. They might if they had enough nodes in the network infer through analysis who a box belongs to, depending on the number of hops someone uses to retrieve it. They might be able to disrupt the service in some way, e.g. generating a storm of bogus messages, dropping requests that come through their malicious nodes. This is why I said there would be technical hurdles and it would need wide publicity and support from big players to make the network robust enough to withstand them.

            It would also make sense to impose some artificial constraint on the message size, e.g. 4kb and some kind of punitive delivery "tax" on the sender (e.g. some increasingly compute expensive puzzle during sending) to ensure it was used strictly for low volume messages rather than sending around porn or multipart files.

  16. MrMur

    She talks about being burgled and not being able to stay in the house another night.

    Well, we were burgled. And we stayed in that house that very night... and every other night after that. It was our house and its where we lived - no burgler was going to take that from us.

    If the NSA get round to having the tech and the will to decrypt my emails, then all I can say is I hope they enjoy the cat pictures.

  17. John Smith 19 Gold badge
    Unhappy

    And remember people the *universal* excuse. It's for *your* safety.

    How's that working for you?

    Feeling safe?

    Because I don't.

  18. pete 22

    Smart move, - the LoC

    Anyone remember that Groklaw is archived at the Library of Congress? This move will be archived also. This means that this will become a permanent stain on US democracy, and historians will know where to look. PJ is basically making a statement and changing history by demonstrating how the internet routes around damage.

    1. Anonymous Coward
      Anonymous Coward

      Re: Smart move, - the LoC

      "Anyone remember that Groklaw is archived at the Library of Congress?"

      Just searched the LoC website. No hits for Groklaw. What gives?

      1. Gnomalarta
        Coffee/keyboard

        Re: Smart move, - the LoC

        http://web.archive.org/web/*/http://www.groklaw.net good from 2005

    2. heyrick Silver badge

      Re: Smart move, - the LoC

      "This move will be archived also." - don't count on it. History is full of 'adjustments' (read - outright lies). Just go into any history lesson in any school in any country that played a part in World War 2 and you'll probably notice some disparities with the story told by other countries.

      What is in our favour is that we can archive and preserve Groklaw. The whole lot could be dumped onto various forms of storage device (SD card, CD, etc) and buried in a time capsule thingy. If this was indeed to become a stain on US democracy (or even if it goes Orwellian and history is systematically rewritten), there should still be copies of it around in other places.

      But, really, don't count on the recordings of the people that are the problem to tell the whole story in the future...

  19. Anonymous Coward
    Anonymous Coward

    Secure email coming soon

    So this can only fuel the development of secure email and a more secure internet.

  20. Ottis
    Pint

    And so, the powers that be, eventually silenced all communications, and their control of the world was complete.

    The world cannot complain. The world allowed it.

    1. Anonymous Coward
      Anonymous Coward

      first they came for the emails ...

  21. Tom 13

    there is now no private way, evidently, to collaborate

    Sure there are. We've just gotten spoiled and don't want to use them.

    Regular mail is still protected.

    And you can have face to face meetings.

    But they are either not as immediate, or require planning and possibly money. You do of course still run some legal risks, but those are the established legal risks.

  22. Anonymous Coward
    WTF?

    And so the US proves that oppression works.

    Make the dissenting voices go away.

    We need more Groklaws, not fewer FFS.

  23. Someone Else Silver badge
    Unhappy

    Just like 9/11

    When the 9/11 berks managed to get us to change our society to a(n explicit) police state, they won. So is it, too, now that the police state police are intimidating law abiding citizens, they have won.

    It's a sad day for anyone not Idi Amin...

    ...or Dick Cheney...

  24. Anonymous Coward
    Anonymous Coward

    And they won't even let people comment. What a wimp.

  25. rictay

    Back doors everywhere

    I've worked on networking technologies since the 1970s and know that security services are provided with back doors everywhere so they could "keep an eye on the subscribers". There is no safe communication, we are all under surveillance as we are all deemed to be potential enemies of the State. Nobody is innocent any more.

    Seem to remember some lines from the film "Unforgiven" where the sheriff (Gene Hackman) beats up Clint Eastwood's character in the saloon. One of the women says:

    "You just beat up an innocent man."

    "Innocent of what?" asks the sheriff.

  26. Clive Harris
    Big Brother

    There's more - that she's not saying

    It's obvious something has happened to Pamela which has scared the living daylights out of her, and that she can't talk about. Maybe she's forbidden to say, or maybe she doesn't dare, so she's just dropping hints about burglaries and intercepted emails.

    Through Groklaw, she's made a lot of enemies, powerful and ruthless people who have lost a lot of money, because she helped to expose what they were up to. People who can pull strings in high places.

    Everyone is susceptible to blackmail. Maybe someone's dug up something from her past. Maybe one of her family members is being threatened. Whatever it is, it's big enough to silence her.

    With Groklaw out of the way, expect a massive onslaught of attacks against open-source software, and any other form of free expression, at any moment, and with no-one to tell the other side of the story. Truly, we are living in troubled times!

    1. M Gale

      Re: There's more - that she's not saying

      I'm sure Florien Mueller would be happy to beat the Open Source drum!

      Do I really need a suitable icon?

  27. Anonymous Coward #69

    Come now...

    ...get your GPG on baby! Why is it that when there is a good reason to use encryption, people just bend over instead?

  28. Anonymous Coward
    Anonymous Coward

    Another one bites the dust

    It's all good.

  29. Crisp Silver badge

    Doesn't this violate attorney/client privilege?

    Or does that only apply in the case of criminal proceedings?

  30. Nym

    Mass

    The main problem with a massive amount of data isn't classifying or intercepting it; it's not even filing it in the appropriate place. It's finding useful patterns in it; without these patterns you've still simply got a mass of data. And without some sort of pattern to prompt initial investigation the majority of intercepts languish on the vine, since the NSA has no intention of keeping information forever. Unless, of course, they can get IBM's supercomputer or the like in on things I suppose; however, it's quite difficult to instruct someone or something to do something you can't describe because you don't actually know what it is--which is basically the description of...a politician.

  31. Anonymous Coward
    Anonymous Coward

    I'm Gutted

    I used to read Groklaw daily from the early days of the SCO saga. What am I going to do with all that free time I have. I will really miss the site and the fight for justice!

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019