Update on ECPA reform: Last time I commented that it was problematic to give such strong protections to terrorist emails on American corporate-run servers. Well, it turns out ECPA reform backers are listening, and have pointed out to me that FISA will work just fine in those cases. Fair point. I still don’t think the law makes sense, but at least it’s not too terribly harmful.
This tutorial to “NSA-proof your email” is all wrong. All wrong. You NSA-proof your email by using end-to-end encryption, not by using transport level encryption. Hosing your own email is a great idea, mind you (it makes the ECPA-related issues moot), but NSA can still spy on you all they want if you follow that webpage’s instructions.
Continue reading »