0 Friday, December 07, 2012

Big brother is watching; email security question

by Kelly Ferguson

The United States government can download and read any of your emails and store them without ever notifying you. Fox said that personal messages between parents and teachers or doctors and medical records are among the documents that are subject to search. The laws on these searches face possible change depending on the outcome of the Electronic Communications Privacy Act discussion that took place last week.

Fox addressed the issue of abusing the ability to view people’s personal information through the Internet and said that recent numbers suggest a big problem.

At the beginning of November, Google released its transparency report stating that in just the first half of 2012 Google received almost 21,000 government requests for user data. These numbers reflect more than a 50 percent increase from 2010. Fox said that the United States government made more than one-third of the total requests for information.

Sophomore Kaitlin Evans said she thinks the government should not have access to any information without a proper warrant.

Google is not the only source having to hand over information to some form of authority. Fox said that U.S. cell phone carriers reported 1.3 million cases in which law enforcement demanded text messages and/or location information from users in 2011. According to Fox, a lot of the information has been accessed with no proper court order.

Sophomore Jon Gulley said that the government should only be able to access user data when the information has the potential to harm others.

“It is my belief that companies should not be forced by the government to give out their user’s private data,” Gulley said. “In all but the most extreme cases there should be no need for governments to steal from someone to incriminate them. It is not fair to the companies [and] not to the users. The companies lose credibility with their clients, and the clients have their trust that their [information] will remain theirs, violated. I understand that there are cases when it is necessary to protect many that the privacy of one must be sacrificed but these cases are few and far between.”

Junior Emily Lundblad agreed and said that though people have a right to privacy, if their private communications can be dangerous to other citizens it should be noted as public information.

Not all seizures of information are without reason; Fox claims some are in fact used for missing persons and evidence in police investigations.

The purpose of the Electronic Communications Privacy Act is to set definite rules for the boundaries law enforcement agencies must remain in when requesting information. Fox said that the biggest dilemma in this area is the fact that email wasn’t around when the ECPA was written in 1986.
When email first became a form of communication it was primarily used through people’s private home computers. 

A subpoena was all that law enforcement agencies needed to present to access information left on host servers for over 180 days at which point it was considered abandoned or trash. Now, however, Fox said that it is common for people to have more storage on their computers, making it easier and easier to leave old information on servers.

“As an individual, I don’t like the idea of my personal email being surrendered over to who knows whom and my privacy being revoked,” senior Lacey Cruise said. “However, I do see the public safety issue in it on the government side as well.”

Cruise said she feels that the Fourth Amendment (which states that warrants for information shall only be issued with probable cause) should be followed closely in these instances.

Summer 2012 Oklahoma Christian University switched email hosts from Microsoft Exchange to Google. One of the benefits of switching hosts is that emails are no longer stored on OC servers. Gulley said that data, in this case email, is encrypted before being stored to Google servers, a standard practice for Google.

“The only ones with access to the information would be those with the log-on information for the [email] account, those who manage the service, and possibly those with physical access to the servers if the data is not encrypted,” Gulley said. “If [the data] is encrypted, then [someone accessing information from a server] could copy the encrypted data but they wouldn’t be able to know what it is unless they had essentially a supercomputer to break the password with.”

Gulley said that the actuality of creating a supercomputer to break into email accounts and servers is possible but not feasible.

Another area of privacy (or the lack thereof) addressed in Fox’s article is in social media. While users have privacy settings on each of their social media and networking sites, the sites are publically owned media outlets. Each social media site has its own user terms and conditions in regard to privacy and privacy settings, but some say that users seldom read this information.

“People are intimidated when they see a lengthy document that they do not take the time to read it,” Lundblad said. “I know I am guilty of this, but I do [think] that in the fine print, the truth comes out.”

Information is only as private as the user makes it. Gulley suggested using a mixture of numbers and symbols as well as capital and lowercase letters in passwords, as well as using different passwords and usernames for every account.

He also said that users should frequently check their privacy settings to see if the unread terms and conditions statements have affected your personal settings.

Photo by: Nick Conley

Bookmark and Share