It's been years since the spam wars were at the front of the debate, but all the salient points from then remain salient today: when you let unaccountable third parties see your mail and decide which messages you can see, the potential for mischief is unlimited.
Read the rest
Ladar Levison -- persecuted founder of the now-shuttered private mail service Lavabit, as used by Edward Snowden -- has made great progress on his Darkmail project, a joint initiative with Phil "PGP" Zimmerman's also shut-down Silent Circle private email service.
Read the rest
Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.
Read the rest
Jeff Reifman's posted a video explaining more about his next-generation IMAP-filtering email project, Simplify Email.
Read the rest
Libby writes, "Today the Free Software Foundation is releasing Email Self-Defense, a guide to personal email encryption to help everyone, including beginners, make the NSA's job a little harder. We're releasing it as part of Reset the Net, a global day of action to push back against the surveillance-industrial complex.
The guide will get you encrypting your emails in under 30 minutes, and takes you all the way through sending and receiving your first encrypted email."
Email Self-Defense - a guide to fighting surveillance with GnuPG
Jeff writes, "Filtered is a new free/open source IMAP mail filtering application which provides automated routing of email based on per sender settings. You can train Filtered via its web UI or by dragging and dropping email to folders in your email account. Filtered can also learn from the contents of your existing folders."
Read the rest
Ars Technica interviews Ladar Levison
, founder of the recently-shuttered secure-er email service. They focus on the logistics and architecture of fed snooping. Levison: "I don't know if I'm off my rocker, but 10 years ago, I think it would have been unheard of for the government to demand source code or to make a change to your source code or to demand your SSL key. What I've learned recently makes me think that's not as crazy an assumption as I thought."
Britain's largest ISP, British Telecom, has ragequit Yahoo! after learning that the internet giant had bought beloved microblogging site Tumblr. Just kidding! It's actually sick of its customers' Yahoo-provided email accounts getting hacked.
Texas is on the verge of passing legislation that patches a hole in federal privacy law. Under the 1986 Electronic Communications Privacy Act, no warrant is needed to spy on email once it has been opened, or if it is unopened on a server for more than six months. The Feds have fought efforts to reform this antiquated law, which the DHS and its affiliated snoops rely upon to conduct mass-scale, warrantless surveillance. The Texas law is somewhat symbolic (since it won't stop Fed snooping), but it's still an important step toward establishing a better norm in privacy standards for files on cloud-based services:
On Tuesday, the Texas bill (HB 2268) was sent to Gov. Perry’s desk, and he has until June 16, 2013 to sign it or veto it. If he does neither, it will pass automatically and take effect on September 1, 2013. The bill would give Texans more privacy over their inbox to shield against state-level snooping, but the bill would not protect against federal investigations. The bill passed both houses of the state legislature earlier this year without a single "nay" vote.
This new bill, if signed, will make Texas law more privacy-conscious than the much-maligned (but frustratingly still in effect) 1986-era Electronic Communications Privacy Act (ECPA). With the ECPA, federal law enforcement agencies are only required to get a warrant to access recent e-mails before they are opened by the recipient.
As we've noted many times before, there are no such provisions in federal law once the e-mail has been opened or if it has been sitting in an inbox, unopened, for 180 days. In March 2013, the Department of Justice acknowledged in a Congressional hearing that this distinction no longer makes sense and the DOJ would support revisions to ECPA.
Unprecedented e-mail privacy bill sent to Texas governor’s desk [Cyrus Farivar/Ars Technica]
America Online has developed a web-based email service called Alto (altomail.com), and early reports sure sound promising. Alto is not a new email provider (no @alto.com email addresses, at least not yet), but an inbox-replacement for your current email address(es). Read your Gmail, Yahoo, Mac, or other accounts; import Facebook, LinkedIn and Twitter messages. Nicholas Carlson at Business Insider has a review. Mat Honan at Wired gave it a whirl. Daniel Terdiman at CNET liked it. The service is launching as a private beta, with public availability sometime in Q1 2013. Alto is free for now, but expect ads or a paid "premium" option later on. It's browser-based, and there's an HTML5 version optimized for iPad (and, presumably, other tablets).
(Screengrab from Business Insider's review.)
Workers in Brazil who must answer work emails on their mobile phones after their job shift ends can qualify for overtime pay under a new law. The Star
via Slashdot (via @evgenymorozov).