How to really tell if NSA is reading your e-mail

This morning Boing Boing posted a link to a site which explains “How to tell if the NSA is reading your e-mail.”

I can definitely understand why people would want to know if the government is spying on them, but I have some bad news: The directions, as presented, won’t work.

Sure, they may (or more likely, may not) tell you that NSA is reading e-mail, but using this technique won’t tell you if they are reading your e-mail.

In case you didn’t click either of the links, I’ll explain the proposed idea briefly. You are to create two new Web-based email accounts, one in the U.S., and one outside the U.S. You then send messages between the two, which contain a link to a secret Web page that isn’t linked to from anywhere else except in that message. You then check the server access logs. If anyone accessed that page, then they intercepted your message.

I hope that why this won’t work is obvious, but I’ll tell you anyway: Neither account is your e-mail address! While someone might access the secret Web page, that will only tell you that someone read the e-mail. It doesn’t tell you if someone was reading your e-mail, because neither address is yours!

If you want to know whether NSA is reading your e-mail, you would have to send such a message from your own e-mail account to a foreign e-mail address, and then see if anyone (aside from the recipient, if any) opens the secret link.

So the process which will work is a bit different: You create a foreign Web-based email account, and then send messages to it with secret URLs in them from your own e-mail address. Then you see if anyone opens the URLs.

Thanks to Stephen Gordon for pointing out this bit of stupidity.

Oh, and I should remind you all, before you try this, that if NSA wasn’t watching before, they will be after you’ve done this little experiment. Also keep in mind that this will only tell you if your e-mail made it to the processing stage, where a human touched it and evaluated it; it won’t tell you if a computer looked at it, decided it was worthless and discarded it, which is what happens to 99.9% or so of intercepted traffic anyway.

Update December 26: Bruce Schneier picked up on this idea, and apparently he too missed the obvious flaw in it.

One thought on “How to really tell if NSA is reading your e-mail

  • December 26, 2005 at 10:29 am
    Permalink

    Bruce is probably as busy as I am, if not more so, and besides, I notified Boing Boing but they haven’t done anything as far as I know.

Comments are closed.