Tuesday, August 20, 2013


The Reality - Email Privacy or the Lack Therefore

by Reb Akiva @ Mystical Paths

Today a top law blogger freaked out after realizing that their emails can be read and monitored...

"The owner of (a encrypted protected email service that just shut down) tells us that he's stopped using email and if we knew what he knew, we'd stop too.  There is no way to (blog) without email. Therein lies the conundrum.  What to do?

...the simple truth is, no matter how good the motives might be for collecting and screening everything we say to one another, and no matter how "clean" we all are ourselves from the standpoint of the screeners, I don't know how to function in such an atmosphere.

I feel (unclean), knowing that persons I don't know can paw through all my thoughts and hopes and plans in my emails...  They tell us that if you send or receive an email from outside the US, it will be read.  (And many emails inside the US are accidentally picked up by those capture engines.)  If it's encrypted, they keep it for five years, presumably in the hopes of tech advancing to be able to decrypt it against your will and without your knowledge.

I hope that makes it clear why I can't continue. There is now no shield from forced exposure. …no one can feel protected enough from forced exposure any more to say anything the least bit (controversial or security related) to anyone in an email, particularly from the US out or to the US in, but really anywhere. You don't expect a stranger to read your private communications to a friend. And once you know they can, what is there to say?"

Much of the Internet and the abilities we take for granted today were never conceived to be the large world-wide network they have become today.  Email, as used today, and it’s base protocol (SMTP) are not encrypted and follow the normal network routes to get where they are going.  The term “email” is a mistake, because it’s NOT a sealed letter – it’s a open postcard (an open sheet of paper with an address on it).

This means:

- The sending post office and receiving post office can and do read the sending and received address AND the full content.

- Every network it passes through along the way (remember, the “Internet” is all cross connected networks”) can also capture and read the sending and receiving addresses AND the full content.  (Today the average number of networks things pass through are 8-16.)

- All the little people along the way that operate all the stuff that makes this happen, such as system administrators, database administrators, network administrators, have all the tools in front of them every day as part of their jobs to read any of this stuff they want to.

That’s been the case from day 1 with Internet email.  NO public free email service NOR any service offered by any Internet ISP encrypts email traffic or storage.  It’s all traveling and sitting on open unprotected readable pieces of paper (so to speak).  The ONLY protection has been “privacy policies” of the companies and them being shamed (and losing customers) if they didn’t provide a reasonable semblance of isolation of your emails.

Even so, YOU have voluntarily given them the right to “paw through your data” since day one, and much worse!

- Your emails are being automatically scanned by Google / Yahoo / Microsoft Hotmail-Outlook.com, "to serve you ads and understand their customers."  Note the ads displayed on the email pages are context sensitive to the email being read, this doesn’t happen by magic but by your email being auto-scanned for keywords.

- Your phone location (meaning your body’s location) is being sent to Google and Apple, "to provide better mapping services and location based app responses (letting an app know where you are to tell you about something near by)."  You can’t turn on GPS / Location Services without giving them permission to track you moment by moment. 

- If that’s not enough, the cellphone service provider logs every call, who you called or who called you (number on both ends – which you see on your phone bill) AND the approximate location of your phone when the call began (tracked by which cell tower you connected to and the strength of your signal, meaning how far from the tower you are – combined with where the other towers are near that one this can be used to narrow your location to within 1/10 of a mile).

- Of course, every SMS is logged (source and destination) as well.

- Your office computer is tracking what web sites you browse, in some cases what programs you are running, in some cases even how fast and what you are typing, and reporting it to your IT department and/or your boss.  If you are visiting whatever your office considers improper sites, the IT department and boss are being alerted.

- Your office emails are being scanned for improper words and phrases (sexual, harassing, racist, violent, threatening), alerting the IT department and your boss if there's a hit.  They may also be scanned to see if you are sending out company proprietary information.

- Anytime you access any Google or Yahoo or Microsoft service, or for that matter any web site that chooses to collect the data, they know from where you did it (by IP address – which if correlated with the ISP will give a physical location down to where the connecting router is or actual cell location) and from what type of equipment you did it.  Are you at home or in the office, on a desktop workstation, laptop, iPad or Galaxy phone, running Windows or a Mac or iOS or Android, which browser, and what size screen.  This information can be obscured (with special fully legal utilities) except for the IP address, which can be via a VPN or anonymous service (also fully legal).  But few people do so (and because few people do so, there’s a suspicion about people who do.)

Nothing is new with any of this.  These are all a basic part of the operating model of all of these services from day one.  If you wish to avoid it, you have to avoid using these services.  (There are a few alternatives that theoretically offer protection, privacy or lack of logging – naturally such services are costly.)

However, there has been a FAÇADE of privacy and protection.  And there has been a general thought that given the huge amount of such data, there may be anonymity and protection through obscurity.  The façade has always been false – the data has always been easily accessible.  And if it exists, police or courts or other authorities will go after it if it’s in their interest to do so.  (There are companies who intentionally limit their logs of such things to 2 weeks or 3 months, to prevent them being called into any court case.)

The big deal now is that the U.S. government has joined the game and is, via various means, grabbing or monitoring some of the data above.  And with new levels of computer processing power and “BigData” huge data set analysis techniques, Big Brother isn’t occasionally poking in to take a look – he’s constantly monitoring.

Given that the companies involved have basically being doing the same since day one, the primary change is that the façade has been blow away.

As we come to Rosh Hashana, the Jewish New Year, which is also the beginning of the days of judgment, we say “there is an Eye that sees, an Ear that hears, and everything is written down in a book.”  This is to let us know that we should always act as if G-d is looking over our shoulder.

Today we can amend that statement:  There is an Eye that sees, an Ear that hears, Google that searches it, and the NSA monitoring it.

There are ways to reduce exposure without completely eliminating use of such services.  But if you’re using Google or Microsoft or Facebook (or other such web sites or phone services), assume EVERYTHING you do is completely 100% public.  Email, chat, SMS, sites you browse, pictures you share – besides it all being tracked from Above, it’s now also all being tracked from Below… and correlated, and profiled.


  1. So, I'm taking away from this: We had better be proud of whatever we're doing because there isn't any way to overcome Big Brother today unless one lives in a remote area without a computer and never goes outside! If we're embarrassed by what we believe, write or think, maybe we ought to think about why that is and correct whatever we have to. Otherwise, it could turn to blackmail and G-d knows what else...

    CDG, Yerushalayim

  2. ...or better yet, be happy with what we're doing...

    CDG Yerushalayim again...

  3. Good post. Certainly this is the 'nistar'. The 'galui' is that we already live in an age where etiquette and manners have been thrown out the door and seemingly private messages can be forwarded to others, or screenshot and then shared, and you can write a message to someone and add a secret listener through the BCC.
    Everything is registered and virtually nothing deleted (Facebook must have incredible servers to keep all these statuses and likes recorded).


Welcome to Mystical Paths comments. Have your say here, but please keep the tone reasonably civil and avoid lashon hara. Due to past commenting problems, all comments are moderated (this may take a few hours.)

Your comments are governed by our Terms of Use, Privacy, and Comments policies. We reserve the right to delete or edit your comments for any reason, or use them in a future article. That said, YOU are responsible for YOUR comments - not us.

Related Posts with Thumbnails