[SecurityRatty] tag: subpoena

The Future of Ephemeral Conversation

Mon, 24 Nov 2008 11:06:41 +0000

When he becomes president, Barack Obama will have to give up his BlackBerry. Aides are concerned that his unofficial conversations would become part of the presidential record, subject to subpoena and eventually made public as part of the country's historical record.

This reality of the information age might be particularly stark for the president, but it's no less true for all of us. Conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was just assumed.

This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations -- with friends, lovers, colleagues, members of our cabinet -- are not ephemeral; they leave their own electronic trails.

We know this intellectually, but we haven't truly internalized it. We type on, engrossed in conversation, forgetting we're being recorded and those recordings might come back to haunt us later.

Oliver North learned this, way back in 1987, when messages he thought he had deleted were saved by the White House PROFS system, and then subpoenaed in the Iran-Contra affair. Bill Gates learned this in 1998 when his conversational e-mails were provided to opposing counsel as part of the antitrust litigation discovery process. Mark Foley learned this in 2006 when his instant messages were saved and made public by the underage men he talked to. Paris Hilton learned this in 2005 when her cell phone account was hacked, and Sarah Palin learned it earlier this year when her Yahoo e-mail account was hacked. Someone in George W. Bush's administration learned this, and millions of e-mails went mysteriously and conveniently missing.

Ephemeral conversation is dying.

Cardinal Richelieu famously said, :If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all our ephemeral conversations can be saved for later examination, different rules have to apply. Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a Blackberry, are not official pronouncements. Discussions in a meeting, whether held in a boardroom or a chat room, are not the same as answers at a press conference. And privacy isn't just about having something to hide; it has enormous value to democracy, liberty, and our basic humanity.

We can't turn back technology; electronic communications are here to stay and even our voice conversations are threatened. But as technology makes our conversations less ephemeral, we need laws to step in and safeguard ephemeral conversation. We need a comprehensive data privacy law, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and delete it as soon as it is no longer needed. Laws requiring ISPs to store e-mails and other personal communications are exactly what we don't need.

Rules pertaining to government need to be different, because of the power differential. Subjecting the president's communications to eventual public review increases liberty because it reduces the government's power with respect to the people. Subjecting our communications to government review decreases liberty because it reduces our power with respect to the government. The president, as well as other members of government, need some ability to converse ephemerally -- just as they're allowed to have unrecorded meetings and phone calls -- but more of their actions need to be subject to public scrutiny.

But laws can only go so far. Law or no law, when something is made public it's too late. And many of us like having complete records of all our e-mail at our fingertips; it's like our offline brains.

In the end, this is cultural.

The Internet is the greatest generation gap since rock and roll. We're now witnessing one aspect of that generation gap: the younger generation chats digitally, and the older generation treats those chats as written correspondence. Until our CEOs blog, our Congressmen Twitter, and our world leaders send each other LOLcats – until we have a Presidential election where both candidates have a complete history on social networking sites from before they were teenagers– we aren't fully an information age society.

When everyone leaves a public digital trail of their personal thoughts since birth, no one will think twice about it being there. Obama might be on the younger side of the generation gap, but the rules he's operating under were written by the older side. It will take another generation before society's tolerance for digital ephemera changes.

This essay previously appeared on The Wall Street Journal website (not the print newspaper), and is an update of something I wrote previously.

Resist the latest business phishes

Fri, 02 May 2008 20:00:00 +0000

The latest spam can take the form of a subpoena purporting to be from a United States District Court, a calendar invite, or an IRS refund, in 'net cast wide' blasts or more targeted 'spear phishing' usually aimed at businesses.

Spear Phishing with Better Business Bureau complaints

Thu, 24 Apr 2008 20:04:25 +0000

I received the following email yesterday purporting to be from the BBB. It looked phishy to me, so of course I did not click the link and did a little investigating. However, I could see how someone would be fooled on this one, thinking someone filed a bogus complaint against them. Almost as good as the subpoena story I heard from a customer last week. Beware of stuff like this!

BBB CASE #841246605

Complaint filed by:

Brian Williams

Complaint filed against:

Business Name:	StillSecure
Contact:	Alan Shimel
BBB Member:	YES

Complaint status:

Category:

Contract Issues

Case opened date:

4/20/2008

Case closed date:

Download a copy of this complaint so you can print it for your records (DON'T CLICK THIS)

On February 23 2008, the consumer provided the following information: (The consumer indicated he/she DID NOT received any response from the business.)

The form you used to register this complaint is designed to improve public access to the Better Business Bureau of Consumer Protection Consumer Response Center, and is voluntary. Through this form, consumers may electronically register a complaint with the BBB.Under the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. That number is 246-967.

CEO subpoena scam fires up anew

Wed, 16 Apr 2008 20:00:00 +0000

After tricking several thousand executives into downloading malicious software earlier this week, online scammers started up their subpoena phishing scam again Wednesday, but on a much smaller scale.

Get a FREE MICROSOFT DYNAMICS ERP/CRM RESOURCE DVD	Advertisement
See how ERP and CRM solutions from Microsoft Dynamics work BETTER with your everyday software.

Criminals hack CEOs with fake subpoenas

Sun, 13 Apr 2008 20:00:00 +0000

Panos Anastassiadis didn't click on the fake subpoena that popped into his inbox on Monday morning, but he runs a computer security company. Others were not so lucky.

Rampant FBI Abuse of Power Now Paperwork Free

Tue, 20 Mar 2007 20:53:00 +0000

Last week I read on Schneier’s blog about the rampant abuses of new powers granted under the Patriot Act. Today I read over on the Washington Post that the new rules from the FBI’s general counsel directs agents to use better discretion and to ditch the paperwork.

Wasn’t it the improper paperwork that led us to discover the FBI improperly obtained data? How does instructing agents to limit requests to the most dire situations, to not file follow-up paperwork (grand jury subpoena or national security letter), and to ask for the data orally fix the problem?

Here is the new process:

FBI suspects you of a crime.
FBI calls the phone/ISP/bank/etc. and asks for data under the emergency provision.
The company takes their word for it and provides the data.
FBI doesn’t have to obtain warrant and receives data without a single sheet of paperwork.

Anyone see how this could be abused? Forget judicial oversight, now they don’t even have agency oversight.

Sickening…