by malandrew 4743 days ago
I reckon you could use link honeypots to prove emails are being read. Send out enough emails from many accounts with links that aren't meant to be followed and see how many are followed and what IP addresses the links are followed from. If you do that across enough accounts, you should be able to figure out whose accounts are being wiretapped.

I'm sure there are other types of honeypots that could be set up.


Ah, hmn, that's a more clever plan than any of mine.

BUT I'm still a little skeptical, though maybe the details could be worked out. I mean, if you send the emails to fake users, then the NSA isn't likely to follow the links. And if you send emails to real users, then you have trouble proving it wasn't the real user (owner of the mailbox) who followed the link. I mean, the IP addresses do help... unless the snoopers use TOR, or equivalent. (In fact, what do you figure are the odds that the original TOR developers now report to Alexander, via USCYBERCOM, via the Tenth Fleet, via NETWARCOM? Where would you assign those guys, if they still work for the Navy?)

In favour of this honeypotting idea, though, if you set up fifty honeypots, and your opponent evades forty-nine of them but falls into the fiftieth, maybe you've still got something.

I reckon the admins of mail servers that are likely to be NSA targets (government mail servers or newspaper mailservers for example) could set up some sort of script that sends emails from American services (gmail, yahoo, etc) to many addresses on their own mailservers and then use another script on their mailservers to "clean up" those messages before they get to the recipients. This would ensure that the messages get intercepted by the NSA, but never get to their intended recipient. If any link is followed, then they can be certain that the message was intercepted.

Generating messages could be done using Markov chains that learn from the content across many of their own mailboxes. Before that Markov generator is used, it could be scrubbed of any words that are particularly sensitive because they refer to classified or secret material.

That's just one idea. Now that the cat's out of the bag, I hope security researchers are already working on such honeypots. Personally, I think every major newspaper should be among the first to implement honeypots. Alternatively, people who think they are at risk for surveillance or suspect that they are already being surveilled should be able to submit their email to some watchdog group that can set up the honeypot on their behalf.
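To make the tracing concrete, here is an added example (written for this page, not code from anyone in the thread) of per-message canary links and the hit classifier the "scrub before delivery" idea implies: a hit on a message the recipient never received can only come from a middlebox, while a hit on a delivered message from one of the owner's own IPs is the ambiguity the reply above raises. The host, signing key, IP addresses and log lines are constructed for the demo.

```python
import hmac
import hashlib
from urllib.parse import urlparse, parse_qs

# Constructed demo values, not from the thread.
HONEYPOT_HOST = "canary.example.test"
SIGNING_KEY = b"constructed-demo-key"

def make_token(account: str, msg_id: str) -> str:
    """One token per (sending account, message); the HMAC tag rejects guessed tokens."""
    tag = hmac.new(SIGNING_KEY, f"{account}|{msg_id}".encode(), hashlib.sha256).hexdigest()[:16]
    return f"{account}.{msg_id}.{tag}"

def make_link(account: str, msg_id: str) -> str:
    """The link embedded in the honeypot message; nobody legitimate should follow it."""
    return f"https://{HONEYPOT_HOST}/c?t={make_token(account, msg_id)}"

def verify_token(token: str):
    """Return (account, msg_id) if the tag checks out, else None (spam, scanners, forgeries)."""
    try:
        account, msg_id, tag = token.split(".")
    except ValueError:
        return None
    expected = make_token(account, msg_id).rsplit(".", 1)[1]
    return (account, msg_id) if hmac.compare_digest(tag, expected) else None

def classify_hits(log_lines, scrubbed, owner_ips):
    """log_lines: 'timestamp ip path' per request to the honeypot host.
    scrubbed: msg_ids deleted server-side before delivery. owner_ips: account -> known owner IPs."""
    findings = []
    for line in log_lines:
        ts, ip, path = line.split()
        token = parse_qs(urlparse(path).query).get("t", [""])[0]
        ident = verify_token(token)
        if ident is None:
            findings.append((ts, ip, None, "invalid-token"))  # noise, not evidence
            continue
        account, msg_id = ident
        if msg_id in scrubbed:
            verdict = "intercepted"   # recipient never saw it, so only an interceptor could click
        elif ip in owner_ips.get(account, set()):
            verdict = "owner-click"   # cannot distinguish from the mailbox owner
        else:
            verdict = "unknown-ip"    # suggestive; needs corroboration across accounts
        findings.append((ts, ip, account, verdict))
    return findings

# Constructed sample: one scrubbed message, one delivered message, one forged token.
SCRUBBED = {"m1"}
OWNER_IPS = {"alice": {"198.51.100.5"}}
SAMPLE_LOG = [
    f"2013-06-10T12:00:01Z 203.0.113.7 /c?t={make_token('alice', 'm1')}",
    f"2013-06-10T12:05:00Z 198.51.100.5 /c?t={make_token('alice', 'm2')}",
    "2013-06-10T12:06:00Z 203.0.113.9 /c?t=alice.m2.0000000000000000",
]
```

Run `classify_hits(SAMPLE_LOG, SCRUBBED, OWNER_IPS)` to see the three verdicts; aggregating "intercepted" verdicts per account across many honeypots is what turns a single click into evidence about which accounts are being read.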

How do you discriminate this from auto-generated email addy spam? Am I missing something?