Time to start sending hand-written extracts of the Voynich Manuscript on postcards to any activists you know. It'll be decoded in no time! Likewise, Linear A and Rongorongo.
Going lo-tech to avoid NSA snooping? Unlucky - they read snailmail too
Privacy-conscious US citizens looking to go retro in the wake of the ongoing controversy about PRISM-related snooping and the NSA harvesting metadata on an industrial scale will find little refuge in snail mail. The New York Times reports that the United States Postal Service photographs the exterior of every piece of mail …
-
Thursday 4th July 2013 11:34 GMT EddieD
Americans playing catchup...
In "Spycatcher" Peter Wright details all the tricks they used for mail tracing in the 50s and 60s - and the various techniques used for extracting letters from sealed envelopes, using thin tweezers to roll the contents up, for example, and solutions they could use that would render the envelopes transparent/lucent.
Apparently one Trade Union leader (a card carrying commie) used to preface all official letters with a salutation along the lines of "Hello MI5 you prying bastards"
-
Thursday 4th July 2013 12:28 GMT Annihilator
Re: Photograph THAT !!!
You mean RM4SCC? Hardly a state secret and easily decoded. First thing Royal Mail do when processing mail is to OCR the postcode (and throw out anomalies to a human) and stamp it on as a more easily readable delivery address – all subsequent routing uses that instead of OCR. Stamping it on in red ink makes for an interesting time around Valentine's Day though.
The bores of a day trip to a Royal Mail sorting office during school years :-|
-
Friday 5th July 2013 00:36 GMT Mr Booth
Re: I believe OCR is used for sorting the mail
Actually, of more interest to marketers. I used to work for a postal company, and the OCR machines we had were Siemens (yes) integrated mail processors (IMP). They could pretty much do everything. OCR readability was pretty good, I think the target was about 96-97% of all addresses.
The most interesting thing was that the machines took a photograph of the letter, not just the address and could store it. The main purpose of this was that if there was an address that could not be read, the image was then flashed to a VDU where a human could then input the address and send it back to the IMP, which would then route the letter to the correct sorting bin.
One of the crazier ideas was to create a database of every delivery point in the country, called NAD.. yes... National Address Database and assign an individual identifier for it and store the images for the letters going to each address. As company logos, etc, are often printed (and could be read by the OCR), it would eventually have built up a database on every household that a marketer would give their right testicle/ovary for. We would have known who you banked with, had insurance with, what loyalty programs you were a part of, who supplied your telecoms, power etc...
Fortunately it didn't go ahead back then as storing and sorting that data on a daily basis was going to be very expensive....now, I don't know, the concept would be even easier and cheaper to implement.
It's not the spymasters, it is the marketers I fear.
-
Friday 5th July 2013 02:41 GMT LateNightLarry
Re: I believe OCR is used for sorting the mail
I remember hearing one time before I retired from USPS that just the financial transactions at all post offices nationwide totalled in excess of one BILLION lines of data ... EVERY DAY.
I need a glass of Cabernet Sauvignon to be able to wrap my brain around that... but alas, El Reg won't let me have one...
-
Thursday 4th July 2013 22:43 GMT VinceH
Re: hmm ...
Hand sorted... because the optical character recognition sucks.
The optical character recognition (or non-recognition, as the case may be) presumably happens after the address is scanned, otherwise it would suck 100%*. That scan, right there, that's the image for the database - regardless of whether the OCR worked.
* It would be incredibly impressive if it could read the characters before it's been given the scanned image.
Shit my effing brains sideways, I'm starting to sound like a conspiracy theorist.
-
Friday 5th July 2013 14:23 GMT Rampant Spaniel
Re: hmm ...
The sender's address is very frequently on the front of American mail, just a cultural difference :-)
As for the marketers mentioned above, I found stuffing the return paid envelopes they send full of free newspapers or taping them to a shoebox with a rock or two in it benefits the post office and your sanity greatly. Our postie loves it, she says the shoeboxes make USPS about 40 bucks each in postage that the junk mailers have to pay. Not sure if this is legal in the UK though.
-
Thursday 4th July 2013 12:11 GMT Don Jefe
Addressing
The USPS has to deliver mail based on the physical address, not the addressee, so you can put anything you want on the envelope. I used to send letters with the return name Donald Rumsfeld addressed to George W. Bush. I'm hoping one day all the images they've archived will be used for historical research and it really confuses historians and grad students.
-
Friday 5th July 2013 09:19 GMT Anonymous Coward
Re: Addressing
I would imagine that all postboxes collected from are bagged separately as in the UK. This way, you've got a pretty good idea of one of the endpoints and you know time to within the frequency of the collection period and you know exactly where the other endpoint is.
All you need to do is find your "someone of interest" and look at the metadata revealing where communications have started. You'd have to be immensely skilled to be able to choose postboxes and times which seem random, while at the same time not being around any form of CCTV etc. etc.
-
Friday 5th July 2013 16:08 GMT Jtom
Re: Addressing
Don't know about the UK, but residential mailboxes in the US are on the street. If you have outgoing mail, you raise a little flag on them to alert the mail deliverer. If you want to safely post something anonymously, just wait until you see a mail carrier, get ahead of him a bit, pop your letter in someone else's mailbox, and raise the flag. The homeowner won't have time to notice; chances of being on camera are small; when the letter was put in the box would be questionable back to the previous delivery.
-
Thursday 4th July 2013 12:16 GMT Anonymous Coward
Encrypted email
I've been trying to get my email encrypted and this certificate stuff is a joke. For example 'startcom.org' is a trusted certificate authority for all the major browsers. Yet its DNS shows only a PO box number:
P. O. Box 1630, Eilat, Israel, IL
You can get a free email certificate from them,
https://cert.startcom.org/
But they insist on a proper address and lots of personal details. So presumably no PO box address is acceptable.
I don't see why we would use a certificate authority, a first time public key exchange system used in OTR systems and SSH would get rid of this and encrypt email again.
And the NSA won't object because they only collect 'metadata', and not content. Since they're not lying at all, they would have no reason to object if we all switched to SSH style key exchanged email.
-
Thursday 4th July 2013 14:37 GMT Anonymous Coward
Re: Encrypted email
SSH is a first time public key exchange system. MOST SSH servers have a key which is self signed. A public part of it is given to the client on the first connect, and on each subsequent connect the fingerprint of the key is checked to make sure it hasn't changed.
For a man in the middle attack to work, they have to intercept each and every SSH connection, starting from the very first intercept.
If they miss the first intercept then they can't intercept subsequent connects. If they intercept later ones, the key is wrong and the client flags a fake key that doesn't match the original.
It's secure even without a certificate authority, because of time. Time moves forward; by the time you realize you want to intercept a connection, it's already too late, the key has been exchanged. You can even make it totally secure by installing the key by a trusted route, making even the first intercept impossible.
However for a certificate authority the new key can be changed at any time, and a certificate authority confirms the new key. So man-in-the-middle attacks on that system are viable if you can create a new certificate. Even after the first key exchange.
So really the only thing stopping an intercept is a company who give only a PO box in Israel as an address.
-
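The trust-on-first-use check described in the comment above, as an added example (not code from the thread or from OpenSSH): a hypothetical `PinStore` records a key fingerprint on first contact and compares it on every later connection. The host name and key bytes are constructed placeholders.

```python
import base64
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """OpenSSH-style SHA-256 fingerprint of a raw public key blob."""
    digest = hashlib.sha256(public_key).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class PinStore:
    """Hypothetical client-side store: one pinned fingerprint per host."""
    def __init__(self, preloaded=None):
        self.pins = dict(preloaded or {})

    def check(self, host: str, presented_key: bytes) -> str:
        seen = fingerprint(presented_key)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = seen      # first contact: accepted unauthenticated
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        return "mismatch"               # pin is kept; the client should refuse

# Constructed sample keys (placeholders, not real key material).
SERVER_KEY = b"constructed-genuine-server-key"
OTHER_KEY = b"constructed-substituted-key"
HOST = "mail.example.org"

def replay(store: PinStore, keys) -> list:
    """Feed the keys presented on successive connections through the store."""
    return [store.check(HOST, key) for key in keys]

def scenarios() -> dict:
    preloaded = PinStore({HOST: fingerprint(SERVER_KEY)})  # pin installed out of band
    return {
        # Genuine key pinned first; a later substitution is flagged.
        "late_substitution": replay(PinStore(), [SERVER_KEY, SERVER_KEY, OTHER_KEY]),
        # Substituted key pinned first; the genuine key is what gets flagged later.
        "substituted_at_first_use": replay(PinStore(), [OTHER_KEY, OTHER_KEY, SERVER_KEY]),
        # With a preloaded pin there is no unauthenticated first contact at all.
        "pin_preloaded": replay(preloaded, [OTHER_KEY, SERVER_KEY]),
    }

if __name__ == "__main__":
    for name, results in scenarios().items():
        print(f"{name:26} {results}")
```

The second scenario is the case the comment calls the very first intercept: the store cannot tell which key is genuine, only that the key changed, which is why a pin installed by a trusted route closes the gap.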
Thursday 4th July 2013 17:43 GMT Destroy All Monsters
Re: Encrypted email
Aren't they in your Ericsson Switch?
-
Thursday 4th July 2013 18:47 GMT brooxta
Re: Encrypted email
Re StartCom certificates: I guess it's a case of you pay your money and you make your choice, or you don't and you can't.
I've been on a similar path these last few weeks with encrypted email and certificates etc. Seems to me that if you really want encrypted email you need to go down the PGP/GnuPG route and exchange public keys with trusted individuals and anything else is the icing on the cake.
You can set up Postfix (not sure about the alternatives I'm afraid) to remember details about other SMTP servers' certificate fingerprints, which should mitigate against StartCom attempting to MITM your communications (remember the certificate authority doesn't see your private key at any point, they just sign your CSR). And if you are using DHE or ECDH ciphers then you have "forward secrecy" protecting past SMTP traffic at least...
But it appears that most active SMTP servers are not set up to handle SSL or TLS protected traffic, so PGP/GnuPG remains the best bet. FWIW I have set up my own server to handle encrypted SMTP, on principle!
-
Friday 5th July 2013 09:34 GMT Anonymous Coward
Re: Encrypted email
I strongly suspect that "The Man" isn't the issue with encryption being any good, I always work on the principle that if "The Man" wants to know something about me, they'll know and I won't know anything about it. They'll know before it's encrypted, is more along the lines of what I'm getting at. So I work on a balance that I don't do anything particularly wrong, nothing to arouse suspicion and even the things which I do aren't going to elicit the kind of money being spent that would be required as it would be totally disproportionate.
For me, encryption is about preventing scrotes getting my personal emails or my bank details, even then the bank details are the more important. If someone got my emails, they'd know what I've bought over the last few years and find some truly tedious waffle. I don't encrypt my files at home as a rule, because the consequences of losing the keys would be very annoying indeed.
In the same way that the bank I used to work for didn't encrypt data to tapes, because loss of keys would be an impossible situation. What they did instead was not allow tapes to leave a datacentre, ever, except in shredded form.
-
Thursday 4th July 2013 15:40 GMT Werner McGoole
Eh?
I'm not quite sure I follow this. If you post something scurrilous and the police get involved, they have access to the package you posted. Why do they need a picture of it when they can take their own?
Obviously, if they can trace the original picture, they can find where it was posted (but if it was a bomb, the pattern-matching software might not have much to go on). But a postmark does this and more simply too.
-
Friday 5th July 2013 03:36 GMT BornToWin
People are really stupid
Is any of this information about governments in countries all around the world including Europe and the U.S. monitoring electronic communications and in some instances snail mail when there is legitimate reason to do so, some revelation for the populace? If so you've been living under a rock for the past 30+ years.
-
Friday 5th July 2013 08:23 GMT Anonymous Coward
Jesus Christ, am I the only person that's been paying attention to this?
They've been opening the snailmail for decades and have never hidden the fact. It even says in the story that this was being reviewed in '76, and that wasn't a secret meeting either. Why is this news to anyone?
I mean, I'm glad people are finally getting angry about it but it's very odd that it took so long.
John Smith 19: "Because there just aren't enough snoops to process every physical item in the way every digital item can be stored"
Actually, there are. The NSA employs tens of thousands of people to open the physical mail and, again, has done so for decades.
It's like watching people come out of those sleep machines in Alien.
-
Friday 5th July 2013 15:09 GMT Beauchamp
To and from?
I would say that it seems unlikely that they would collect meta-information from the letter contents.
Most likely is that they are collecting only the To: and From: fields for their database. The connections between people are the richest source of information that is likely to be easily derivable from such communication since anything that was hidden in the message could not be routinely looked for.
After all is said and done there are a very, very large number of ways to hide information in what seems to be plaintext.
I'm particularly interested in how they could conceal that a letter has been opened.
-
Friday 5th July 2013 23:28 GMT Anonymous Coward
Re: To and from?
"I'm particularly interested in how they could conceal that a letter has been opened."
What makes you think they tried? I had post opened on the way to me from the US and it came with big stamp on it saying "this mail has been opened and inspected by" whatever department it was. That was in 1983.
-
Friday 12th July 2013 16:50 GMT Anonymous Coward
Where there's a will, there's a way
So, you just make an arrangement in advance where it is agreed that all mail going to a given address is sent without a return address and inside said mail is another envelope and in that envelope another one with postage on it and the address where that letter is going. Your buddy drops that one into the mail. It also has no return address. And it too, could be going to another forwarder. Kind of a snail mail version of TOR.