My friend Dave Taht, who battles bufferbloat for us all, pointed me today to a document from the Wireless Internet Service Provider Association. It’s the WISPA CALEA Compliance Guide, which details most of the rules that wireless ISPs are required to follow by CALEA — the Communications Assistance for Law Enforcement Act of 1994. These rules, variants of which apply to all telcos and to ISPs of all kinds (not just wireless), say what those companies are required to do to comply with the law. More directly, it specifies how they can be required to intercept customer communications and relay that content to law enforcement agencies.
Read it if you have a moment. The document, which is chilling, explains a lot both in what it says and what it doesn’t say.
If you think your Internet communications are private, they aren’t. To be compliant with the law ISPs have to be able to isolate target communication, record it, decrypt it, gather metadata and associated out-of-band communication, figure out what parts of the communication aren’t from the target named in the court order, remove those and not give them to law enforcement but still save them for five years just in case, then hand the rest over to the cops, FBI, etc.
If you wonder where privacy appears in this document, here it is: 1) the ISP is not allowed to tell you that you are being snooped on (enforcing the privacy of law enforcement); 2) if multiple law enforcement agencies want to read your e-mails or listen to your VoIP calls (both are specifically covered) the ISP is required to not tell any of those law enforcement agencies about the others, and 3: there is no three. Customer privacy is never mentioned in the document.
Nor are there any requirements for who at the ISP is allowed to do this snooping and decrypting or what else they can do with the data requested by law enforcement.
I found it especially concerning that the ISP, not the law enforcement agency, is required to decrypt all intercept communications and look at, listen, or read them since these would seem to be the only ways to determine if that’s you on the phone or your nine year-old.
Most ISPs I know hire as many folks as they can at or near the minimum wage, which is not to say that poorer people are less ethical (heck, they are probably more ethical). But in mandating CALEA compliance ISPs are required to have on-hand all the snooping tools you can imagine and the knowledge of how to use them without being detected.
Late at night can’t you imagine that somewhere some tech is reading his girlfriend’s e-mail?
Maybe they have another document saying not to do that, but I couldn’t find it.
Privacy is dead. Don’t we all feel so much safer for that?
I was just at WISPAlooza 2013 in LV last week. They had a session on this very topic:
Privacy Beyond CPNI and CALEA: What You Don’t Know Can Hurt You
This session will highlight compliance requirements for CPNI and CALEA privacy laws, in addition to other federal and state privacy and data security laws and regulations that apply to WISPs; such as state security breach notification laws, ECPA, TCPA, and the U.S. Patriot Act. In light of recent news events about federal government surveillance of domestic subscribers, we’ll also explore compliance with and challenges to FISA requests or other court orders
This pretty much proves (if the high profile compromises of certificate authorities didn’t already) that SSL as it is currently used, with its centralized “trust” model is useless.
You can’t trust the CA’s and you can’t trust your ISP.
Yeah, thats pretty depressing.
It will take a technical solution to fix the problem, one that involves trusting fewer parties. Just the endpoints. self signed certs are treated as “risky” by all major browsers. I don’t know if that is the way to go, or something more like ssh tunnelling.
Hey, I have an idea.Write your message on a piece of paper, stick it in an envelope, put a stamp on it and then put it in a mail box. Government agencies are so busy geeking around they’ve probably forgotten dead tree mail even exists.
Er, no. USPS takes pic of address side of every mail item.
There are good reasons for self-signed certificates to be distrusted.
When you are asked to trust a self-signed certificate, it may look like you are being asked to trust a particular host. In fact, you need to trust your DNS provider, that the IP address actually belongs to the host you’re trying to reach, and you need to trust your ISP and all the intermediate ISPs, that the packets that are allegedly coming from a particular IP address actually are being generated by the proper owner of that IP address.
Saving signatures like SSH would make self-signed certificates a little more secure, but it is non-scalable, and in fact would compel you to trust many more parties. Also, it doesn’t really work when the host’s private key is compromised. Note how it was possible for the PHP.net and Lavabit.com private keys to be revoked and replaced. Also, keys need to be regularly rotated and replaced for various other reasons. Note how Google is promoting increased key lengths for SSL, because technology improvements are making shorter SSL keys insecure.
I like a basic idea that I heard from Whitfield Diffie: The Certificate Authority business model is fundamentally backwards. Hosts pay the authority to verify their own identity. Instead, clients should be paying someone to verify the identity of a host they’re connecting to. The way Diffie put it, it makes no sense for me to trust a Chinese certificate authority’s signature on a Google certificate. But, as an American, it does make sense for me to trust an American investigator’s signature on a Baidu certificate. I don’t know how to make a business from it, though. Adding an independent investigator would make SSL’s handshake protocol dramatically slower. It’s already slow enough.
Speaking of Diffie: “Far greater threats come from malicious software on end-users’ computers, which is alarmingly widespread.” https://www.hrichina.org/crf/article/3256
I guess I should explain how self-signed certificates require more trust, not less.
In the certificate authority system, you’re trusting the certificate authorities. There’s a relatively limited number of them, and they sign all the major SSL certificates. I don’t need to trust Yahoo and Wikipedia’s servers individually, because they get their certificates signed by DigiCert. Microsoft, Facebook, and Twitter are verified by Verisign. These root certificates are installed with the operating system or web browser, so they get updated at the same time.
Switching to trusting self-signed certificates is not viable. As I mentioned, you have to trust the DNS, your ISP, your ISP’s transit ISP, and so on, not to interfere with your communication. Then, once the self-signed certificate is installed, there’s no scalable method to change its trust level. Effectively, every certificate becomes its own root of trust. You may remember all the pain when DigiNotar’s problems were discovered, and every OS, browser, and programming framework had to release updates to remove DigiNotar’s root certificate from their trusted CA collections. And they needed to be updated again when TurkTrust’s mistakes bit them. This level of pain would be a regular occurrence if everybody used self-signed certificates. Moxie Marlinspike calls this, a lack of trust agility.
Marlinspike’s proposed solution is similar in concept to Diffie’s proposal, but less commercial. He proposes a network of notaries that verify that certificates belong to particular servers.
http://convergence.io/
I must be missing something. It looks like they want us to trust “notaries” that anyone can set up, including me, and I have no idea who to trust. Also, in spite of their desire to get more people involved, they limit the whole program to Firefox users only. This is a quote from the “Get Involved” section:
“Run a Notary
Help Convergence grow by setting up a trust notary of your own and telling your friends and colleagues about it. You can download the notary code here.”
Madness. Privacy died not with a bang but a whimper.
[…] Link. Today Schneier too. Duty? Only geeks seem to care. […]
Benjamin Franklin once said, “Any society that would give up a little liberty to gain a little security will deserve neither and lose both.”
We get the government we vote for, whether we want it or not.
We vote in “tough on crime” politicians who are happy to come up with laws like this. The masses of asses fall back on the “if you’re not doing anything wrong, what’s the harm?” defense. We start various “wars” on vice and terror (not actual enemies) and then when the NSA starts to Hoover up all the information on the Internet and store it in Utah some of us are surprised.
The ISPs are forced to comply under mob-like racket rules. Washington cheers because it means more control.
War means you go “all in” to win, no matter the cost, no matter how long, no matter the consequences. The government, by going into these unwinnable “wars” insures they have permanent jobs.
Meanwhile a generation of black men rot away in the prison industry.
Millions of Iraqis killed over questionable intelligence.
The trashing of the Bill of Rights.
What happens when the IRS starts getting subpoenas for all that data in Utah?
Remember – They hate us for our Freedoms!
I imagine there’ll be a booming business in setting up public VPNs… a lot of businesses are paranoid about customer confidentiality and being sued in the event of information leakage.
I guess you missed the leak about VPN companies being required to turn over encryption keys and install back doors for the NSA?
The document Bob linked to says that VPN logs (metadata) must be kept and “Tunnels or VPNs that are created and controlled by the Target do not require any special attention by the service provider, other than ensuring that 100% of the Target Traffic is collected.” That’s because the “target” can create end-to-end encryption, so all the ISP can do is give the government encrypted data. With strong enough encryption, no one will be able to decrypt it in less than 100 years except, of course, the target. So privacy of the content is still possible and legal.
IBM, the respect the individual company for the last several years has been trashing its employee compensation and benefits, shipping 100,000’s of jobs off shore, …
.
Walmart and others is one of the biggest employers of under skilled workers. To avoid providing them health care benefits they have cut their hours. Now these under skilled workers are under paid and are forced to work multiple jobs to make ends meet — and they still have to buy their own health insurance!
.
Now as noted in this article there is no electronic privacy. If you thought Eric Snowden was bad, the NSA had some amount of internal checks and balances. Compared to the NSA, most ISP’s have none. All it takes is a cyber crime group with some bribe money and some ISP’s will be leaking all kinds of secrets.
.
Isn’t it interesting telemarketers can now ignore the No-Call laws? Law enforcement is powerless to stop them. Cyber criminals are not systematically attacking our banks, retailers, and companies and stealing vast amounts of money from us. Yet the government is doing little to stop them. If we’re going to be collecting all this personal information, why can’t some of it be used to actually enforce our laws and protect our financial system?
You got it all wrong. I spent years in the ‘wiretap’ business and not once did I see an American ISP open the traffic and listen to or look at the traffic. They don’t want to, they don’t have the BIG bucks to store the data, and they certainly don’t want the liability. Yes, they are ‘forced’ to by CALEA, but the trade offs are worth it. (Note, this is about commercially available CALEA software, not the NSA BS that is also going on)
Now, the rest of the world is different. Foreign countries routinely spy on their own citizens, no legal warrant required.
“then hand the rest over to the cops, FBI, etc.”
What would the FBI do with all this data? – For almost 5 decades FBI director Hoover amassed power by collecting files containing large amounts of compromising and potentially embarrassing information on powerful people, especially politicians. President Truman and Kennedy considered dismissing Hoover as FBI Director, but concluded that the cost of doing so would be too great. Hoover remained director until his death in 1972.
Hoover hunted down and threatened anyone who made insinuations about his own sexuality. He also spread unsubstantiated rumors that Adlai Stevenson was gay to damage the governor’s presidential campaign. His secret files contained surveillance material on Eleanor Roosevelt’s alleged lesbian lovers, which some speculate was for the purpose of blackmail—as well as material on presidents’ liaisons, including those of John F. Kennedy.
I don’t trust an organization that pronounced “that there was no such thing as organized crime in America.”
Hoover testified in the earliest stages of the Warren Commission hearings. Francis W. H. Adams was a New York City Police Commissioner and served as Senior Counsel to the Warren Commission. Francis Adams stated that he thought there was more than one individual involved in the Kennedy Assassination based on the evidence available to him during the time of the Warren Commission and that the others on the commission were eager to please the men who were covering up the murder of John F. Kennedy:
http://en.wikipedia.org/wiki/Francis_W._H._Adams
“Privacy is dead. Don’t we all feel so much safer for that?”
This involves two important steps In Naomi Wolf’s Fascist America, in 10 easy steps:
1: Invoke a terrifying internal and external enemy
4: Set up an internal surveillance system.
8: Control the press
10: Suspend the rule of law
[…] I, Cringely – Privacy is dead and here’s how […]
The Cringeman is caught up in legalism and the expense of realisism. He obvously has latent statist tendencies. What is realistic is that this “law” has been routinely ignored for almost 20 years now. Some “laws” deserve to be broken out of respect for higher law. The “personal effects” clause of the fourth amendment is the higher law and it is the best defense against stupidity like this. We need more bravery expressed in the higher morality of breaking stupid “law.” The Cringeman is too cringe-worthy to take such a moral stand and be an advocate of common sense and righteous civil disobedience.
That’s extremely unfair. Cringe is discussing “what is,” not what he prefers, nor did he make a case that this is as it should be.
Anyway you can prattle on as you like about the higher laws of the land; the reality is in the implementation of those laws. There is not nor has there been a reasonable expectation of privacy in regard to data given to third parties.
Whatever you or I think about the Constitution (and believe me, I also believe it is horribly abused), the social reality lies in how the courts interpret it and how that becomes legal doctrine, and while we can be principled our society (wisely in my view) does not respect a “majority of one” principle. Further, it has been widely established that few, if any, rights are absolute. From “don’t yell fire in a crowded theater” to the details of the Supreme Court’s recent establishment of a definitive right to own a gun on an individual level, there are constraints, in no small part because there is the need to navigate the many nuances and practical issues in assuring said rights to the satisfaction of society at large, let alone that the various rights and duties inherently create tension, especially when we face such as assuring public safety versus assuring individual rights.
I have yet to meet an ISP that was actually CALEA compliant. Sure some of them say they are. Some of them even try to be. Most though just do the bare minimum to give law enforcement what they actually ask for which isn’t much in the first place. The usually request is to determine what customer was using a certain IP at a certain time. Sometimes you will get the occasional SPAN port request.
All the doom and gloom about CALEA is really just vendors trying to scaring into buying their crap products and services.
Just don’t blame the ISP’s for having to comply with the law – we are threatened with severe penalties and jail time for non compliance!
Just following orders, huh?
How noble of you.
Hey, Bill, take a stand, no worries – Larry here will feed your family and shoot up the jail to free you.
How noble of him.
so let me get this straight… we have a draconian network of spies and lies set up to snoop on people looking at cat pictures on the Wacky Wacky Webbiepoo? God forbid they actually catch somebody ordering socks online!
You better get used to your boring life, then.
But this country was founded on the idea, when the government becomes just too crazy, that I and a bunch of like-minded people can buy assault weapons instead of socks. Governments are instituted among men, deriving their just powers from the consent of the governed, and the ultimate method to express your consent is with extreme violence. When everything I do is cross-linked and quantified, then it makes it tricky to accumulate enough weapons and organization to pull off a successful revolution.
You clearly won’t be part of the revolution, but I want to have that option.
In point of practical implementation, Bob F has it correct from the many folks I know working in telecom and related types of providers. It’s also a tricky matter where they want to technically comply but also want to dodge all possible liability, the latter being achievable primarily only if they remain “technically” ignorant of what customers do in detail.
–
However, as to this point of privacy, people should bear in mind that even pre-digital there is NO EXPECTATION OF PRIVACY FOR DATA YOU GIVE TO A THIRD PARTY, and further there isn’t even an expectation you’ll necessarily know if law enforcement is using said data. This was true from, explicitly (but in practice even earlier), a 1970s court ruling that was about data shared, and anyway the expectation of privacy had never been established. Unsurprisingly, if you ask me; the more shared with a third party, it’s obvious that it can be reused if one only pays attention to the news at all or even popular fiction and then follows up on the reality underlying that; consider this, if there were an expectation of privacy with 3rd parties, why would we have such specific exceptions for information shared with doctors (even then not in all circumstances) and spouses? It’s like not knowing your rights as given in the Miranda warnings, you’re a fool if you don’t.
–
Although I understand how people don’t know the specifics of such as this document shared by Cringe, I don’t understand how people don’t do the simplest research to understand their (lack of) privacy and (ostensible but effectively often circumvented) rights. There’s fundamentally no revelation here (which isn’t the same as saying this isn’t a service, and thank you to Cringe for authoring this blog on this topic).
– (pardon dashes between paragraphs but line returns without content aren’t functioning properly for some reason)
PS – just so people can check if they don’t know, the third-party records doctrine and the 1970s case (actually cases) mentioned can be referenced at https://www.abajournal.com/magazine/article/the_data_question_should_the_third-party_records_doctrine_be_revisited/ : “That question is at the heart of the “third-party records doctrine,” which has provided guidelines for criminal investigations since the late 1970s. In essence, the doctrine holds that information lawfully held by many third parties is treated differently from information held by the suspect himself. It can be obtained by subpoenaing the third party, by securing the third party’s consent or by any other means of legal discovery; the suspect has no role in the matter, and no search warrant is required.”
Note that the reference is to a journal, rather than a court opinion. Journal articles do hold some weight, but are not remotely binding on judges.
The article offers “two sides”, but neither argues on behalf of make-everything-easy-for-law-enforcement viewpoint; within that URL, even the less-privacy advocate agrees that your electronic content should remain private. He (in effect) says that the ISP can be called as a witness about when you sent how much data where — but still shouldn’t be expected to reveal (at least without a warrant) what the data *is*.
Precedents allowing full eavesdropping almost certainly also exist, but are more recent and less well-known.
There are multiple articles on the topic of security. This one was very interesting about the Post office. https://www.nytimes.com/2013/07/04/us/monitoring-of-snail-mail.html?hp&_r=1&pagewanted=all&
People are missing the facts. Privacy as we imagine it is gone. Gone people. There is no, “we should stop this”, it is gone and not coming back.
Suppose you took $100 in 1’s and threw them out the window of a New York Taxi on a busy Manhattan street. That is your privacy, it is gone and your not getting any back.
What is really bad about this is that with any program where people are allowed to be part of it there is always someone who can somehow abuse it and use it against someone whether right or wrong and ruin a persons life if they want to without proper justification. And getting it corrected can be almost impossible once something is established in the cyber world. Try getting an error on your credit report removed as an example!
And a good morning to you Bob (and everyone listening)!
I had been wondering why it was getting so hard to have two devices talk directly to each other anymore and why there had to be men in the middle on every transaction.
It started when I was in a cafe, and I wanted to exchange a git tree with a co-worker – but we couldn’t “see” each other’s laptops due to wifi “AP isolation” so we had to send the files to github and back instead of the far more efficient “git clone git://myfriendslaptop.local:files.git”…
We’re told this is a feature to “protect customers from network worms”.
adhoc-mode (a feature of wifi since day one) is disabled on android, making classic forms of mesh networking (batman, babel) impossible….
We’re told this “saves power”.
I had wondered why, open wireless access points were – first – discouraged by all means legal and social, possible, and now the few open access points you run across are controlled by centralized entities, which demand a (paid for) login, but aren’t encrypted in any way….
We’re told this provides “better service” – but I clearly remember wifi working better 6 years ago, when all I had to do was wardrive a bit for a signal, than it does now.
and… I HAD wondered why it was so hard to get into the ISP business nowadays, particularly with a WISP, and discovered that due to the quality of the tools for calea, and the limited power of the hardware, it was impossible to meet those demands cost-effectively on the customer premise. (see opencalea.org). So I’ve abandoned any thoughts towards doing that.
and… I keep wondering why the public conversation has been about “which email service to use”, rather than about: “how to setup your own damn email, in your home, where you have a few protections left.”
And lastly now I understand why there are so few ISPs left standing. Once you are tied to a cable plant, and attached to the internet, you MUST comply with these snoopy laws. We had none of this nonsense when I started my first ISP.
Now, too, perhaps I also understand exactly why skype was worth what it sold for, to certain parties.
ALL that said, I don’t understand the scope of the current keruffle over the Snowden revelations. Is it because the NSA is POing mexico and france, and not because the average citizen is already f–ked?
Calea has been in place and its scope ever-expanded since 1994. And now we are all carrying devices that can locate us down to a meter, built from sources we haven’t seen, with batteries we cannot remove, and power buttons that are soft.
We have always been at war with EastAsia.
Sign me:
Name (required) Email (required) Website (required)
A purse snatcher named Smith became obsessed with the woman he mugged, and began terrorizing her with threatening phone calls. A subpoena issued by the prosecutor, allowing a pen register be attached to Smith’s phone line for two days is NOT legal Justification for NSA spying on virtually ALL Americans 24/7 :
https://www.wired.com/threatlevel/2013/10/nsa-smith-purse-snatching/
“When they started quoting Smith in the NSA investigation and inquiry, I was flabbergasted,” says James Gitomer, who was one of Smith’s two lawyers at the Supreme Court. ”I don’t think this case should be used as the foundation to justify the NSA. It doesn’t apply.”
To understand how a purse snatching led to the NSA’s controversial program, you have to look at Smith’s behavior after he made off with his victim’s bag. Smith became obsessed with the woman he mugged, and began terrorizing her with threatening phone calls after the robbery.
The victim called the police, and told them she’d spotted the purse-snatcher’s car driving past her residence. A beat cop started patrolling the area. According to court records, that cop happened to be in the vicinity of the victim’s residence when Smith himself accidentally locked his keys in his car. He sought the assistance of the officer to help him unlock the door of the Monte Carlo.
Smith’s co-defense attorney, James Gitomer ,The officer “took the license number of the vehicle, learned that it was registered to … Smith, and so notified other investigating police officers,” according to records.
That’s where things got interesting from a legal point of view. Using a subpoena issued by the prosecutor, and not a probable-cause warrant signed by a judge, the authorities demanded that the local phone company begin making a record of every phone call originating from Smith’s home phone.
The pen register was attached to Smith’s line at the phone company central office for two days, and it showed him dialing the victim’s number, providing all the evidence police needed for an arrest.”
The press is under control:
https://www.theguardian.com/commentisfree/2013/oct/14/independent-epitaph-establishment-journalism
Nothing to see here, move along, move along. https://www.huffingtonpost.com/2013/09/09/nsa-steve-jobs_n_3895375.html
Nothing to be concerned about.
https://www.techdirt.com/articles/20130614/12173323472/why-tech-industry-should-be-furious-about-nsas-over-surveillance.shtml
Hey Bob, we have another text blocking problem. For the past few months I could enlarge the text to make it more readable and it flowed properly and was not blocked by anything. Today I noticed that as soon as I zoom in at all, a green box pops in from the left and blocks part of the text. Makes it very hard to read comments, since I can’t use Readability for them.
There’s a fix posted for Firefox, at least:
.
https://support.mozilla.org/en-US/questions/971146#answer-492700
.
Hopefully Jennie will remove the offending code … we finally got rid of the previous floaties …
Come on! No article on HelathCare.gov yet? Where’s our good’ol Cringely??
[…] https://www.cringely.com/2013/10/21/privacy-dead-heres/ […]
Something more to think about, is this the reason for the slow (stagnant) adoption of IPV6 and fixing the buffer bloat problem? It also explains why ISPs don’t like home servers. Is it coincidental that the tech industry is moving toward all data in the “cloud” (SAAS, PAAS, etc) and removing the personal (home) desktop options?
More likely, the lack of privacy and all the other issues you mentioned are all based on their individual financial considerations. The Internet is partly financed by advertisers willing to pay for marketing data.
[…] From: cringely.com/2013/10/21/privacy-dead-heres/ […]
What evidence is there of any sort of privacy policy at yahoo or google that keeps employees from reading people’s email?
Apple only started to allow the NSA spy on thier customers after Steve Jobs died but the NSA has the nerve to call Jobs ‘Big Brother’ and Apple customers zombies:
https://www.huffingtonpost.com/2013/09/09/nsa-steve-jobs_n_3895375.html
The NSA does seem to like those smart phones:
https://www.spiegel.de/international/world/how-the-nsa-spies-on-smartphones-including-the-blackberry-a-921161.html
NSA Spied 124.8 Billion Phone Calls in a Month:
http://cryptome.org/2013/10/nsa-125b-calls.htm
“Most ISPs I know hire as many folks as they can at or near the minimum wage, which is not to say that poorer people are less ethical (heck, they are probably more ethical).”
The challenge isn’t that the minimum wage employee is more likely to handover information to criminals; it’s that their financial challenges make it easier and / or cheaper for criminals to get them to hand over information. Now, I haven’t heard of anything like this occurring (bear in mind that negative anecdotal evidence is just as bad as positive anecdotal evidence), but is this because it is not occurring, or because no one is looking for it ?
hth
Bob said “Late at night can’t you imagine that somewhere some tech is reading his girlfriend’s e-mail?” That’s fine with me. I’d be more concerned if he was reading someone else’s girlfriend’s email. And judging from the size of my quarantined spam folder, I’m sure glad my ISP is reading all my email…now if only I could get the Post Office to read my dead tree mail and sort out the spam.
The internet is like a Vietnamese village – the government has to destroy it in order to save it.
The Rally Against Mass Surveillance – run by a coalition of over 100 public advocacy groups known as Stop Watching Us – will take place Saturday, October 26 in Washington, D.C. Thousands are expected to attend the event, where organizers will deliver a petition to Congress signed by more than 500,000 people opposed to the NSA’s policies.
Stop Watching Us Video :
http://m.youtube.com/watch?v=aGmiw_rrNxk&desktop_uri=%2Fwatch%3Fv%3DaGmiw_rrNxk
Hey Bob,
How bout your take on the government healthcare website fiasco.
Inept IT contractors?, unrealistic expectations?, too much client meddling?
WTF!
Everyone lies. {Thanks to Dr. Gregory House}.
What is privacy, really? Is it the right to have others not be able to examine what you are doing, or is it the reality of others not examining what you are doing? In principle, the first should apply, in reality the second does.
I would argue that the first has long been gone, if it ever really existed. The second continues to be in play most of the time for most of the people. If that’s true, the real danger is of being identified as a false positive, which is very worrisome indeed.
One word: Steganography. In an age of ubiquitous surveillance, if you want to keep your messages private, make them look like something entirely unlike a message. Like, for instance, a cat picture on Reddit. Maybe that explains something.
http://en.wikipedia.org/wiki/Right_to_privacy
http://law2.umkc.edu/faculty/projects/ftrials/conlaw/rightofprivacy.html
[…] Privacy is dead, and here’s how The Wireless Internet Service Provider Association’s “WISPA CALEA Compliance Guide” details most of the rules that wireless Internet Service Providers are required to follow by CALEA — the Communications Assistance for Law Enforcement Act of 1994. These rules, variants of which apply to all telcos and to ISPs of all kinds (not just wireless), say what those companies are required to do to comply with the law. More directly, it specifies how they can be required to intercept customer communications and relay that content to law enforcement agencies. If you think your Internet communications are private, they aren’t. If you wonder where privacy appears in this document, here it is: 1) the ISP is not allowed to tell you that you are being snooped on (enforcing the privacy of law enforcement); 2) if multiple law enforcement agencies want to read your e-mails or listen to your VoIP calls (both are specifically covered) the ISP is required to not tell any of those law enforcement agencies about the others, and 3: there is no three. Customer privacy is never mentioned in the document. Quelle: I, Cringely […]
To those that referenced buying guns when unhappy with the government- at some point you will turn in your guns. The government will pass laws that impose life sentences upon anyone caught with a gun and almost everyone will hand in their guns. If I had one hidden or not I would not risk life in prison for a gun even though in a sense I would be imprisoning myself in doing so.