Yes, but would you rather get the letter and know you were under investigation (which basically becomes a standard warrant/subpoena/etc situation), or would you rather remain unaware that something was going on?
Again, it is the outsourcing of responsibility to third parties with minimal interest in protecting your rights that has largely led to this email dragnet surveillance environment. It has been easy to do, without the knowledge of the average end user. But it doesn’t have to be that way.
Only the uppity ones.
Is there really a fundamental difference?
In the case of me getting the letter personally, it’s a crime to even talk about it. The most I can do to push back is hire a lawyer to push back, lose everything paying that lawyer, and then lose the case and give them everything. If by some stretch I win, I can’t talk about it, and I still owe the lawyers a shit ton.
If it’s a company getting the letter, they have whole offices of lawyers on retainer to fight it.
Either way, the government gets what they want. The only question is, who loses money, me or the big companies?
The problem here is that people are boycotting big companies who can likely fight this with MORE resources than they themselves alone can bring. That’s stupid. The problem is NOT the big companies are complicit with the overbearing government. The problem is that there’s almost NO WAY to fight this, and that it’s an overbearing government.
So what if you KNOW they’re coming after you?
Because if you are Hotmail, and the government says “hand it all over” or just taps the fiber, they get a massive amount of mail for a minimal investment of effort. Think about it. If you can tap Hotmail, Gmail, and Yahoo, you’ve got access of some sort to roughly a billion mailboxes. And it appears that those “whole offices of lawyers on retainer” have not been adequately used to challenge this.
By way of comparison, the government cannot go after self-hosted mail servers in the same way. Sure, if they come after you, you may not be able to fight it effectively either. However, you’ll at least know, and moreover, since they’ve got to deal with you individually, that makes it substantially less convenient. Even if there’s only a million people running their own mail servers, that is a substantial amount of paperwork needed for a negligible gain, and imagine the problems coping with it all.
So your argument is a fallacy: the fact that the government COULD target you specifically is irrelevant; they’ve been able to search and seize with a warrant since the beginning. The point is that if you own it yourself, they cannot use NSL’s and their “business record” exemptions to do dragnet surveillance on your own machine without you knowing about it, and since that would not be feasible for large numbers of users or users for whom probable cause couldn’t be established, running your own mail server would make dragnet e-mail surveillance much more difficult.
Does anyone know if the NSA can ask an IT employee to divulge passwords, etc. to them with the stipulation that the employee can never tell their employer about the request?
This wouldn’t surprise me one bit.
That’s basically what a National Security Letter IS.
ahhh what’s with the “if you knew what i know” shit just spill the beans.
If he spills the beans, he goes to prison for between 5 and 20 years for violations of the law surrounding FISA and the NSL.
He can’t tell you. He can’t tell anyone. Except, likely , his lawyer.
You’re saying that the current email system, already in place and working, does not scale, while saying that everybody should set up their own email server instead? 99% of current email users couldn’t set up any kind of server with a gun to their head. And 90% of the people who can don’t care enough to set up and maintain a server for something that thousands of companies provide for free.
No, I’m saying that if the government had to deal with hundreds of millions of mail servers, rather than being able to concentrate on just a few major mail services, that wouldn’t scale for them. It’s a technical complexity issue. Relatively easy to tap a few things and get a firehose worth of data, relatively easy to intimidate a large corporation that doesn’t really care about “users” anyways.
Our failure to have made it common or easy for the average user to set up services does not change this fact. That many users do not care to is largely a function of them not understanding why it might be to their advantage. In what way does that invalidate the point I’m making?
In that it cannot happen, because it is contrary to human nature – creating an extreme amount of work for negligible perceived benefit to the audience.
So it’s an interesting point, I guess, in a totally theoretical abstract “what if the sky was green, maaaan?” kind of way.
People always follow the path of least resistance. Probably the best thing to do at this point is work on making client initiated encryption systems (where your data arrives on the servers already encrypted, and the servers have no way to decrypt the data, even with a gun pointed at their heads) brainlessly easy.
Yes, ten years ago it likely did represent an extreme amount of work.
These days, not so much, for the reasons I already outlined. It has become substantially more practical for the average person to do this.
And while many people will follow the path of absolute least resistance, some won’t, whether because they enjoy learning, or prefer the idea of doing it themselves, or have been bitten by the failure of a service provider in the past (and loss of e-mail addresses), or perhaps because they discover that the NSA is doing something they find objectionable.
So, quite bluntly, you’re wrong. It can happen, and does happen. For those of you who would like to do it, there are completely viable options. I’m not saying you have to do it. However, if you do, you gain a variety of benefits.
Why would an IT employee have access to user passwords? That’s what hashing is for.
I suppose the NSA could “request” that you install keyloggers, but the correct response to that request is “go fuck yourself.” They can’t take it to court without making a big sloppy scene.
Why doesn’t anyone get this.
They don’t take you to court. They send you a letter called a National Security Letter. It says, basically, for reasons of national security you must do this. You cannot contest it. You cannot appeal it. You cannot disclose you got the letter. Failure to comply means you are detained. At very least, there’s a secret court and process you can appeal to and through. That also cannot be disclosed, cannot be revealed, cannot be discussed.
The FISA court is a different secret court. Rules that apply to NSA’s NSL letters apply here too.
So your “They can’t take it to court…” is irrelevant. They take it to a secret court, you’re arrested, and the entire damn thing is sealed. All of it. Even disclosure is against the law. This is happening RIGHT NOW.
I wonder what would happen if Ron Wyden, or someone like him, took all his secrets and anonymized them and released them into pastebin. Sure, the document would lack the credibility of a congressional signature; but if a few matching narratives surfaced, it could just be the crack in the dam.
For that matter, I wonder why Snowden went public instead of anonymous?
Because they knew it was him the moment the word of the leak spread. There were law enforcement at his house and at his family’s house within minutes of Greenwald’s very first hint of the documents. If he remained anonymous, he could be vanished and no one would know.
EDIT:
And he could have been vanished by the chinese intelligence service, too. Remember, if he has really important info, they want it.
I wonder how they knew. Was the data that unique that only one man had access?
They probably had logs of him doing it and alarms of access. The clearance system in the US tends to trust people once they get the clearance. That doesn’t mean there are no other protections, it just means that once you get trust ,they assume you won’t run off with four laptops worth to China. 
