The Fourth Amendment, unlike other amendments, says, "the rights of the people to be secure in their persons, places, houses and effects..." not simply the rights of "citizens." What you advocate is permitting the wholesale abrogation of privacy of tourists, visitors, lawful residents and others in this country, simply because they are not citizens?

You conveniently neglected ?foreigners on student visas? in your list. I certainly don?t propose that all foreigners be rounded up and searched by a Gestapo, but their expectation of privacy should be held to a lower standard than the rest of us. For example, I?m an American citizen, and if I decide to attend flight school and research the blueprints and engineering diagrams of the Sears tower, that?s well within my rights (and the rights of foreigners) to do. If the FBI conducts a search of my possessions based on this information, and without a warrant, I have rights to refute anything found by the search.

But, if an Islamic Fundamentalist from Pakistan or Saudi Arabia on a student visa does the same they have fewer rights under the constitution. If their intentions are completely benign, then fine. But if they were planning on flying a 747 into a skyscraper, they shouldn?t be able to hide behind the constitution and claim that the FBI conducted a warrantless search yadda yadda yadda and they?re off the hook and giving interviews on Larry King.

? almost all permit and many encourage the use of web based email services in order to permit employees to send and receive email that does not carry with it the corporate domain.

What companies are these? I hope that you as security consultant aren?t saying that this is a good idea. Hotmail and the like provide no audit trail if someone decides to send company sensitive information out, is a huge vector for malware infestation, and is all around against every security policy I?ve seen in my life. Most companies filter those domains at the proxy, and provide clear direction in the security policy that it is not permitted.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/105/16318#16318