Skip to content

Email Immersion and your privacy

An online tool from MIT helps you see what the government can see.

The Media Lab at MIT has an online service which shows how revealing ‘metadata’ or ‘identifiers’ collected by the US government can really be.

Microsoft, the US government and others defending the controversial PRISM program have been relying on the subtle difference between getting the records of email transactions (From, To, other details of the email including perhaps Subject) and actually reading or scanning the email content itself.

For a long time Microsoft has called this kind of detail ‘metadata’ since it makes the whole thing sound more trivial than it really is. The National Security Agency (NSA) uses ‘identifiers’ as their preferred obfuscation.

It’s like the difference between the police getting phone call records (number called, time and length of message) and actually listening in to those conversations. One is considered trivial, almost ‘fair game’, but wiretapping is a serious matter needing court approval.

For example the NSA has been boasting that only 0.00004% of internet traffic is actually read by them. But that’s a distraction from what the email transactions alone are telling them.

You can tell a lot about someone from just those transaction details. The authorities don’t necessarily need to listen to phone calls or read emails to look into someone’s private life..


Immersion

Enter Immersion, a clever online tool from the MIT Media Lab. You can enter details of your online email storage (Gmail and Exchange Server) or use one of their demos.

Immersion will scan your message headers then show a diagram of the connections between you and others as well as how they change over time. It’s possible to see who you are contacting more often and the connections between all your correspondents.

Immersion demo image from Email Immersion and your privacy at Office-Watch.com

In the above example, you can see the email owner has two main groups of contacts. Only ‘Bao’ emails with both groups. Cecily and Genia have contacts with some small clusters of people but not with each other.

The slider at the bottom lets you see changes in the patterns over time. In the real world, changes in email transactions would tell the authorities about changes in your life without the need to read a single email message.

On top left there are semi-hidden sliders to change ‘Charge’ ‘Nodes’ and ‘Links’ as well as search for a name and zoom in on that person.

Immersion controls image from Email Immersion and your privacy at Office-Watch.com

Immersion predates the whole Wikileaks/Snowdon news. It’s not a political statement, but in the current controversy it has become one.


Beyond Immersion

Immersion has some limitations in its current form. There’s no way to combine detail from email accounts into a single view, which would tell you even more.

There’s no accounting for social media contacts via Twitter, Facebook etc. Let alone Instant Messaging and Skype.

A notable omission from Immersion is Hotmail/Outlook.com . If Microsoft was really interested in customer transparency they’d work with the Media Lab to let Office 365/Outlook.com users see their own email patterns in Immersion


Documents

Any document you save in the cloud is almost certainly being reported to government authorities. All the media focus is on emails but it’s hard to believe that PRISM isn’t also getting details of documents saved on Skydrive or Office 365 hosted Sharepoint (file name, date saved/modified, sharing details, location of users etc).

That information can be combined with email information to give an even bigger picture of your private life – even though no emails or documents are actually being read.

Since Microsoft uses a ‘single sign on’ system via personal ‘Microsoft accounts’ it’s easy to combine transaction details from Office 365 or Outlook.com email, documents/files on hosted Sharepoint or Skydrive as well as bookmarks and browsing history.

To be clear, we’re not against targeted surveillance to combat terrorism or crime generally. But PRISM and similar schemes are casting a very wide net to include details of the quite innocent majority. Microsoft, Google and others seem to be lying by omission in their public statements while Microsoft has been a compliant participant. Former US President Bill Clinton got it right when saying back in June:

I believe the most important thing is that we have accountability. But I will say this – freedom and security are not incompatible; they’re mutually reinforcing.  I think you’re more secure if you have more freedom. Therefore I think we should be on guard for abuses of the use of technology by our government.

About this author