I knew it was sent plaintext across a bunch of networks, some of which I directly paid to carry my traffic.
I did not expect that every single one was slurped and stored by my own government, particularly in cases where it doesn't even cross any national boundaries.
Not even when Duncan Campbell told you about ECHELON in 199?
I'm still struggling to understand why GHCQ having a 3 day cache is so much worse than all the other privacy violating stuff that goes on. (I am annoyed by the failure of oversight; by the weird wriggling around laws; and if anything I'm more annoyed that they have all this information and don't appear to be using it to lock up criminals.)
But I'm not that* worried about GCHQ. I wouldn't be able to afford the steel blast door if I was worried about a well funded government agency getting my stuff, and I know that merely saying "it's illegal" isn't a strong protection against bad actors.
I'm a lot more worried about my local council. GCHQ hasn't done anything to me. (And is unlikely to, unless I marry a journalist working with government secrets.) But my local council will invade my privacy - they used to sell CCTV camera footage to tv shows; they spy on homes to assess school entry or parking permit validity; they do a bunch of unsavoury stuff.
I'm worried about the records my doctor holds, because there are risks of people losing memory sticks or giving information out to other people over the phone or not destroying hard drives correctly, or of staff gossiping (or being corrupted with bribes).
> In an astonishing breach of security BT Cellnet has handed out, over the telephone, a confidential pin number allowing the recipient to listen in to the confidential messages of any of the five million customers on their network.
> The Independent on Sunday has that pin number and yesterday was able to hack into the message systems of 15 people. Their permission was obtained in advance.
I'm worried about all that stuff too, particularly the unified database they were talking about under ID cards, with hundreds of thousands of busybodies having access.
I'm just saying that while I knew it was trivially easy to read email just by sniffing the wire, while I knew that they could do this and probably were, that doesn't mean that I expect that sort of behaviour from a democratic government or that that expectation amounts to a sort of implicit permission to treat the data as public.
For a counterpoint - email from government departments comes with footer text claiming it private and confidential!
I think we are probably using expect in slightly different, nuanced ways. I may expect that they do it (in the sense I think it's likely) because I'm a realist and also a cynic. But in other ways I don't expect it (in the sense I don't think it's reasonable behaviour).
A large percentage of email is never sent in plaintext. Few senders use external relays, and the overwhelming majority of mail is sent directly from sender MTA to recipient MTA. Most recipient MTAs support and encourage TLS.
Of course this is a "probably" type of thing, but just worth noting. Assume it's plaintext, but it probably isn't.
I did not expect that every single one was slurped and stored by my own government, particularly in cases where it doesn't even cross any national boundaries.