A lot of new developments in the warrantless wiretap scandal. A FISA judge has resigned in disgust. A Reagan-appointed former DoJ official calls the President a clear and present danger. And the NSA admits they have on rare occasions tapped entirely domestic phone calls, because sometimes people calling to or from international cell phones while those phones are in the USA would see the traffic go overseas and come back again. I have made such calls to Europeans and Australians visiting the USA.
So they can’t spot those calls as domestic and thus are performing surveillance on them. But what about E-mail? With E-mail, it’s a great deal harder to identify where the parties are, and what citizenship they hold. In some cases, almost impossible.
And more to the point, E-mails between two U.S. persons will quite often go through international servers. Unlike phones, where it’s expensive, anybody who travels outside the USA for long enough to warrant an E-mail address out there can easily keep it and many do. There’s not even a big reason for multinational ISPs to avoid routing messages to servers in Canada or other places. I maintain aliases on my own domain for all my family, for example, though most of them are not in the same country as the server. I am not alone.
Further, it’s likely that the order of surveillance they have done on E-mail is vastly greater than on phones. For the NSA, monitoring of all unencrypted E-mail — all of it — would be only a modest amount of work. We used to joke in the old days about putting NSA traps in our messages, see this thread from 21 years ago on the topic, and many others if you search for it. If enough people put those in messages, it would overload the systems, we mused.
Back then we were mostly kidding around. Today we have reason to be scared. And it’s time to put opportunistic crypto into E-mail as I detailed years ago, by default. (Since then, some projects to do this have popped up — One from Simson Garfinkel and another from PGP. MS Outlook also does it, but with an untenable user interface.