End to end email encryption: Will unions ever adopt it?
I have heard many unionists over the years accuse management of being able to intercept email messages involving union members. I even once overheard a technical person working for a public entity bragging that they could very well access messages sent through their central email servers and that the email system always saved copies of sent emails regardless of what the "union tells users" to configure clients to do. Certainly any email that is stored somewhere is definitely going to be accessible by computer admins and if email is transported between servers without encrypting the traffic then it is sniffable the whole way on the "wire' also. Our management claims the right to see anything that goes through "it's" computer systems and it's networks, so there is always the considerable danger that someone can get fired for sending any email that is not part of "their job". And it certainly does happen. Going back at least as far as 1991, I worked in a location where someone was forced out for having sent out wedding invitations to some people at work, which was alleged improper use of the employer's computing system. (This information gained by a manager who somehow hacked access to seeing other user's directories on a novell server.)
This kind of thing goes on everywhere as typically employers have total rights to any information going through their computers and networks. So why aren't unions at the forefront of end to end encryption? Has any pki implementation been adopted by any unions anywhere as a best practice? My employer, a public institution, has started a trial of a certain "2 factor authentication" product that uses an usb smart-card-like device to store the keys. This derives in particular for best practice compliance with laws such as HIPAA. A similar system:
http://www.dartmouth.edu/comp/support/library/safecomputing/defenses/aut...
So far so good as far as I can tell from brief testing. This product works with outlook, thunderbird and some Macintosh clients. If one configures their email to always send out one's signature, then it is easy for someone to send an encrypted email to you just based on having received one signed email from you previously. Email programs such as thunderbird will accumulate digital signatures for you as they are received. Encrypted emails in storage in one's inbox on a server, or having been downloaded to a computer are protected in that they cannot be decrypted without the device being attached and the user supplying the password they assigned to the token.
(A concern of mine here is a malicious key logger running on the computer reading the password and/or throwing up an identical window asking for the password. I think your privacy is truly SOL and nothing including this solution will help if an adversary was able to plan a rootkit-like surveillance program on your pc.)
I doubt enrypting email will get much easier than this. And if you've ever struggled with something as complicated as gnuPGP seemed to me the last time I tried it, this IMHO is way easier and more convenient.
So is it finally time for unions to jump on the encryption bandwagon? Would it not make sense for unions to issue such devices to officers, stewards and key activists? How can the IT community facilitate this?
I would have to imagine that management at some point will come out against encryption in some way, prohibiting its use. Yet this may be difficult to pull off where employees do have reasons to deal with encryption as part of their job due to FERPA, HIPAA, etc.
Use gmail to send outgoing mail
First, not to say your concerns aren't valid, they certainly are, but I think the first step is to get unions to use e-mail in the first place. How many unions actually collect e-mail addresses and have a program in place for keeping them up to date? A slim minority. Adding a system for encryption adds a whole new layer of complexity.
Anyway, I think it goes without saying that an employer's email server should not be used for the transmission of union business. Every union should have their own domain name. However, that still doesn't solve the problem of sending mails from work. If you must do union business while at work, one option is to use Google's gmail servers to send outgoing mail through their SSL server. That will encrypt you mail so it will be unsniffable.
Hotmail?
How about using the hotmail. Probably the most used e-mail host. How "unsniffable" is hotmail?
I'm deeply concerned in using Google. Google is the largest search engine that currently exists. They search not only what is out there on the net but also pictures. They control Blogger by owning it. I'm deeply concerned that a company got so much control over our information and are so dominated in finding content on the net.
"The lone gunslingers of the blogosphere could work as a posse, and that's what let us raise an army"
Don't know about hotmail
Google lets you send and receive mail via SMTP protocol. I doubt Hotmail has that.
Hotmail is owned by Microsoft, as you probably know. Why would you trust Hotmail more than Gmail?
I have mixed feeling about Google. Right now, I trust them. If the day comes when I don't, I won't use gmail.
Agree about gmail vs hotmail
SSL Servers
The cost for updating yours or the unions' servers to include SSL documentation is so nominal that it is actually neglible in the overall budget of a LU. There's absolutely no excuse for not encrypting the whole site, IMHO.
Glenn
end to end encryption
Golly this is supposed to be best practices, not lowest common denominator :-) There will always be some people who can't do some
thing. I don't think we should say "we can't do this anywhere unless the least technological people in the least technical locals can do it".
We ask "why dont unionists use email?", then we put
forth the belief that of course unionists should never use
the workplace's computer systems or network for sending or receiving email to do with the union. With that "rule" in force, we can do away with a lot of email!
Then we have it that the people have to have:
a computer at home and an internet connection,
someone else will not be using it at the time,
they can devote the time to check their email, and
they will remember the id, password, and location of this alternate
email system different that the one at work, and it will not have run over-quota and bounced everything, and/or be filled with spam.
This loses pretty much the whole point of email that it is a rapid communication medium, by having it only be available when the person is not at work or in transit.
And many employers block popular email services' IPs at the firewall in the name of "security" so you're not going to be reading hotmail, yahoo or any other well known freebie email system where the typical draconian employer resides. Where I work this is done at a number of locations, and there are groups where there is no access to the internet allowed whatsoever. The employer bent on preventing ssl emails could very effectively do so just by blocking the common ssl ports.
On the other hand, please remember it is NOT a universal rule that unionist can never do any union activity at work. It may be a common rule but it is definitely not universal. In fact by an historical fluke our local is not covered by this rule despite other locals with the same employer have unfortunately been saddled with that rule in their contracts. It's important for people to not go along with rules that do not actually exist. Don't give up communication rights voluntarily without a fight!
Since we apparently agree upon the hazards of union emails and the
propensity of management to want to prevent such communication,
attack communicators, and intercept communications and use that information against the unionists, I find it strange that no one besides me is in favor of encrypting them. I advise thinking about how management is going to find and punish emailers to enforce their rules
before you totally write off encryption. For example, my employer has
email servers configured that require ssl connections, which is good.
But when that email is sitting on/ going through the server it is not encrypted. If
a person downloads email via pop or imap, it is not encrypted on one's
computer. When the email is transfered from that server to some other
server it is very likely NOT encrypted. When the recipient of an
email reads it, it may not be encrypted. You have no control over
what happens to email after you send it. Let's say you are using an ssl connection to gmail to send important strategy info to some other unionist and they read it at work. (If the only email address you have for them is a work address, what are you going to do?) This document can be intercepted at many points along the way, when it is stored by google, when it is transferred from
their email system to other systems, when it is in storage on an
email server at the recipient's workplace, and possibly when the
recipient reads it. Plus if the recipient downloads their messages such as via pop, it has a number of storage opportunities on their computer.
If one were using a typical two factor authentication system, the
email cannot be decrypted without the device being present *and*
knowing the password for the device. To me this is a considerable improvement. However, the possibility exists that management could simply demand to be given the device and the password. This would however hopefully be an issue that could be negotiated. At least this
would be a visible action on the part of management, rather than them
being able to intercept plain text communications without any notice.
One to Many or Many to Many Communication.
hc, I like many of your points, don't play to fear, figure out how to communicate, however you can. That said...
Email was never intended for the use it experiencing now. The technology is 34 years old and Google is taking a shot at revisioning the process.
Folks do argue that it is not a the only communication tool for one to many or many to many communications.
Things like weblogs are much better for spreading mass information, because people can stick with their email pointing to it.
weblogs better than email?
Yeah I could picture a lot more information out there on the web too,
being an info-junkie like I am. I get very angry when I don't hear about something that interests me (BEFORE the event!). Most of our constituency expects extremely detailed info about upcoming events and
if it's not available on the web, they will not consider attending. I've tried to explain this to some web-phobic affiliates but there's just no way it sinks in. (Yes it's convenient for the staff to not publish the agenda and workshops until the day before, but if the cut off date for signing up was 4 weeks ago, that is not a viable strategy. Sure the people who always go will go; it's the new people you are missing by doing this.)
But one reason I focus on email is knowing that many unions
do not wish to put a lot of information out, and that goes 10 times over for putting it where just anyone can read it. Secondly there is the problem of people knowing where to look for good quality information in the sea of blogs/sites out there right now. ( BTW check out the censorship article:
http://www.infoanarchy.org/ )
Really this is a problem with any kind of organization I've ever seen.
If someone provides a great deal of information about something, there will be people inside the organization and outside of it that will cause negative results of some sort. So over time most organizations
become highly secretive, only sending out info to the smallest possible audience, by the sender's estimation of who "needs" to know.
They may send out volumes of expensive branded promotional braggery, but nothing meaningful nor controversial. They may only send out masses of requests for money and/or support; everything is what 'you can do for us/the movement', and nothing that directly benefits nor empowers the audience within the organization.
A certain affiliate sends out email notices mostly concerning current
legislation and public meetings that always contain elaborate trailers
that the recipient is not allowed to forward the emails to anyone else
nor pass it on in any way. Apparently they are worried that if they
tell everyone about some hearing, they might end up with more of the
opposition appearing than their own side. Is this a valid concern? I don't know. As another example, organizing theory today advocates
"building by building" organizing. We must only advertise a meeting in one building and it must be limited to people in that building. This one "rule" has been hugely divisive. Many members feel building meetings are the most likely way to put the attendees on the radar of someone above them, or a peer enemy, and see this as the worst possible strategy and unacceptable risk. Further with an organizing target that has hundreds of buildings varying in size from whole blocks 7 stories high to tiny rented locations with 20 offices, this strategy seems astoundingly inefficient. Why do they do it this way? Well they just say that's how it has to be done according to the "research". I think the problem is again, wanting to keep the lowest possible profile. The organizers themselves are fearful of management retaliation even when they themselves don't work for that employer but instead work for an affiliate!
(So you'd think they'd realize the much larger risk to people who
do work for that employer, and how they really don't want to advertise their union interests with potentially hostile coworkers and managers close to them, but they don't.) The organizers are afraid to get too large on the radar of management, but by being so secretive they are also not getting on the radar of people who could be persuaded to join.
It's very hard to measure the positive and negative outcomes from communications in order to "prove" that more communication is better.
I think it's easier to detect negative
results than to detect the positive effects of communications, and
it's particularly difficult to measure the "alienation factor", if
the rank and file feel they are not getting the kind of info from
the union that they want/expect. People may always be complaining
that they don't feel they are a part of decisions, don't know what's
going on, etc. but it's very difficult for people outside of the
information flow to get to specifics, to say, "you should have told everyone about that" or "you should have solicited input from the rank and file on that topic" because of course, they don't know about it.
I've done some thinking on this
I feel it's better to communicate too much than too little. If you can create an avalance of activism, it really doesn't matter if the "enemy" knows what's going on. You could try to fly under the radar for the first few meetings just so you can get the project off the ground, but it doesn't make sense to try to have a covert operation for very long.
As far as web logs, you can simply make private blogs, restricted to select individuals.
information yes or no
I agree but you end up with organizations that are loaded with
people who want to fly under the radar, as low as possible. It's not feasible to be the only goose who wants to honk in a flock of thousands of silent geese who just want to wait for the designated head geese to issue orders :-) When you start honking without permission, your flock mates start biting YOU because that's not how "we do things".
I would suggest the following ideas to get attempt to get around this on mailing lists etc:
Have is a written code of conduct for a list/web site that endorses
free speech. Who gets to post what and how often. Then enforce it.
You need to stop people from throwing ice water on everyone who
says anything and you need to be very firm that people can complain
about the concepts in a post but they cannot tell someone that they cannot speak on that topic. For example, someone can state they disagree with people who are antiwar, but don't let them go down the road that people who are antiwar cannot promote antiwar events. Or possibly better, make a list for JUST traditional union topics like wages and benefits period and another list for political activist
type topics. You can find a lot of people in unions who ONLY want to hear about what the union is doing/will do for them about benies and work rules and they do not welcome hearing about any social events or any suggestion that the membership could do something they haven't already decided to do. These "we paid our dues and that's ALL we're going to do" types are by far and away the most common kind of union members I have run into here. I think you might as well plan on that up front and attempt to accomodate them because you're not going to change them.
I suggest NOT using real names nor real email addresses in mailing lists or anything like that. For one thing you want to prevent bullies from attacking posters privately. At least make them post to the list/forum and then if it's unacceptable because they are trying to suppress free speech, delete it. Only one really aggressive reactor can freeze off a large mailing list.
This is really a problem on local
technical mailing lists where I work. There are just a few people,
inevitably young male extremely aggressive hot shots, who
make sure they join all lists and then really ream out someone if
they ever don't like something they post, and they are very very enthusiastic about it if the poster is the "wrong sex" or differs from them in some respect. A lot of times these professional spoilers don't ever contribute anything themselves, they just want to make sure they ruin the party for others by being hypercritical and arguing about anything some of their designated targets say. These people always feel extremely confident about their opinions on absolutely everything and will vociferously argue on issues they obviously never dealt with and are completely clueless on. But it also is very typical to get one or more "list kings" who want to be the only designated spokespeople . If one of them is a moderator, there's trouble :-)
And last but not least: Have more than one list. One for "important" announcements only, the other for discussions. Perhaps a separate one for social opportunities and related activist activities. There are always going to be people who just flip out if they get more than one email per month and there's no way around it. This can be very divisive because you often have people who will act out over getting
too much email in a very hostile and disrespectful tone that may be against the very people in the local who are sticking their necks out and putting in a lot of uncompensated time and effort for the union. So it's not a good thing to set up this situation that the prima donnas can throw tantrums about too many emails. It can discourage and disaffect the few people who are volunteering. For that reason, plan on this problem ahead of time with separate lists and escape hatches.