Gmail

PuterTutor said:
Like your ISP can't read your emails now? Get real people. Your ISP reads em, The FBI reads em, email is not secure, don't fool yourself into thinking it is.

I doubt your ISP has the time to sit around and read your e-mail.
 
rrfield said:
I doubt your ISP has the time to sit around and read your e-mail.

The time to sit and read everything? No, probably not. The time to scan everything for certain words or phrases? You bet they do. Along with the ability to read whichever ones they want, randomly. My point is simple, people think email is secure, it's not.

Want to read something really scary?

http://www.fbi.gov/congress/congress00/kerr090600.htm
 
PuterTutor said:
The time to sit and read everything? No, probably not. The time to scan everything for certain words or phrases? You bet they do. Along with the ability to read whichever ones they want, randomly. My point is simple, people think email is secure, it's not.

Want to read something really scary?

http://www.fbi.gov/congress/congress00/kerr090600.htm


And don't forget that every word of your emails goes through their server, so they could scan every single word of every single email. That's why the smart people use PGP. Even if they have your key, they'd have to decode every message before scanning it. That jumps the possibility of scanning every single word of every single email to near impossible. They'd have to have a damn good reason before they'd dedicate that level of horsepower to the job.
 
Then again, would the fact that someone decided to encrypt a message be enough of an alarm bell for an organisation to check the mail, or at least call the authorities if it looks "dodgy". Just a thought.
 
PuterTutor said:
The time to sit and read everything? No, probably not. The time to scan everything for certain words or phrases? You bet they do. Along with the ability to read whichever ones they want, randomly. My point is simple, people think email is secure, it's not.

Want to read something really scary?

http://www.fbi.gov/congress/congress00/kerr090600.htm

I'm aware of Carnivore and how it's been ruled constitutional using the Patriot Act and old wire-tap laws, despite e-mail being a packet-switched technology while phones are circuit-switched. The wire-tap laws should not apply to e-mail because of how traffic flows in a packet-switched network as compared to a curcuit-switched network, etc. etc...

Unless an ISP has been ordered to do so I don't think they are going to scan every e-mail. It's too time consuming. I work in an IS department in a company with just under 500 employees. We have three of them fancy e-mail servers. Setting up a program to scan e-mails for certain words is not very hard to do. Now, consider the output. We have filters setup to catch spam and viri. Everytime this happens, the program sends an e-mail to a specified address. Guess how often this gets checked? Almost never, the volume is way too high to justify doing this, it could be a full-time job.

Now consider an ISP, potentially with thousands of subscribers. How many people are they going to assign to reading the output from these filters if they aren't required to by law? The ISP is not going to waste money paying someone to sit and read two sports fan's chatting about a football game ("I can't believe he caught the bomb!") or a farmer e-mailing his manure supplier unless they are forced to by a gov't agency.

They have the cabability to read random e-mails, sure, that's easy. I could read any e-mail that comes through our network with no trouble at all. Do I? No, I have too much other stuff to do; my bosses would be pretty pissed off if I wasted time doing that. Why would an ISP be any different?

Frozzy is right that they could just as easily scan for encrypted messages. PGP, however, is exactly what it says...pretty good. Not 100%, not great, pretty good. It can be broken. Any encryption CAN be broken. DES has recently been cracked. AES and 3DES have not, but that doesn't mean they won't be.
 
Encrypting just one message with PGP might be a sign... but if someone encrypts every message he sends that way, then it would be less of a sign.
 
Actually, it would be just as dodgy from the ISPs perspective if you continuously churn out encrypted messages.

Having said that, if they decide to check an encrypted message, then realise it's just the sender being rather fussy about not encrypting, I'm sure the ISP would be more likely to turn a blind eye to it in future.
 
Back
Top