The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

Mar/13

19

Will a warrent be required to access your email.

Email Privacy Hearing Set To Go Before The House On Tuesday | WebProNews

The House Judiciary Committee is going to be discussing the Electronic Communications Privacy Act. There is a chance that they will strengthen it.

This act was written decades ago, before there were any real cloud solutions. Email was downloaded by your email client, and immediately deleted from the server. They law assumed that any email left on a server more than 180 days had been abandoned, and so no warrant was required for law enforcement to obtain it.

These days, with services like gmail, we tend to keep our email on the servers for years, with no thought that it has been abandoned. Law enforcement is opposing reforms of this law because it would make their work more difficult. Doubtless it would, as does almost any civil liberty.

Earlier this month Zoe Lofgren introduced the Online Communications and Geolocation Protection act, amending ECPA. It would require a warrant to obtain cell phone location information. There is clearly some momentum for reform.

· · · · · ·

6 comments

  • Darren Chaker · April 16, 2013 at 8:17 pm

    Happy to see some reform and hope the recent attack in Boston does not create hype about killing off privacy reform as American’s lick our wounds from the PATRIOR Act. Privacy promotes our free society. If bad guys do what bad do, a warrant is not a blockade to justice, just a method to keep checks and balances.

  • Jamie Southworth · November 18, 2013 at 9:10 am

    Very pleased to come across relevant content on the whole issue. I listed your blog in my Security Blogs listing. http://www.datamotion.com/2013/11/email-security-blog-recommendations/ Looking forward to seeing more great content!

  • Doug McFetters · January 16, 2014 at 11:10 am

    Lance – our private and secure email ShazzleMail tossed aside the client/server architecture and uses a sender’s smartphone as the server. Feds could serve us, but we don’t have any emails to share. Check it out – http://shazzlemail.com/quick-start

  • Author comment by Lance Cottrell · January 16, 2014 at 11:20 am

    This is an interesting concept. There is not enough technical explanation that I can find on the website to feel comfortable with what you are doing at this point.
    I would like to see more about how the two parties are authenticated to each other, and how the connections are brokered when both parties are behind NAT firewalls (as will usually be the case).

  • Doug McFetters · January 20, 2014 at 1:38 pm

    Hi Lance

    2 parties are authenticated with public/private keys handshake that is confirmed by validating the public key in our registry. Additionally, an account holder can not update their public key if they don’t have user name/password correct.

    As for the firewall issue, we use relays if the receiver is not addressable.

    Would it be more helpful if I put you in touch with our CTO for further discussion?

  • Author comment by Lance Cottrell · January 27, 2014 at 11:05 am

    That would be fantastic. Thanks for the offer.

Leave a Reply

<<

>>